{"report_id":"8ef11320-d938-4722-815f-bfaa2a1ccd44","version":6,"status":"done","tags":[],"date":"2025-12-10T18:59:34Z","url":{"schema":"http","addr":"FLIXERPLUS.NET","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"172.67.205.15","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"flixerplus.net/","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"title":"Unavailable For Legal Reasons 3355c","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"FLIXERPLUS.NET","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"172.67.205.15","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-14T18:59:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":12}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"blubberspoiled.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"blubberspoiled.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"msdoj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"origunix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"blubberspoiled.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2023-06-08","domain_rank":3168523,"first_seen":"2023-06-08T11:45:11Z","last_seen":"2025-12-09T04:38:07.29971Z","alert_count":2,"request_count":1,"received_data":121894,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-10T15:40:22.980715Z","alert_count":6,"request_count":2,"received_data":171912,"sent_data":824,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"flixerplus.net","ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-08-12","domain_rank":0,"first_seen":"2025-12-10T15:40:22.487321Z","last_seen":"2025-12-10T15:40:22.487321Z","alert_count":0,"request_count":4,"received_data":121471,"sent_data":1933,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"performance.radar.cloudflare.com","ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":418040,"first_seen":"2022-06-29T10:44:51Z","last_seen":"2025-12-08T02:08:30.737173Z","alert_count":0,"request_count":1,"received_data":8154,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"cordbraghare.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-15","domain_rank":0,"first_seen":"2025-10-17T05:20:11.255078Z","last_seen":"2025-12-06T13:03:10.433793Z","alert_count":6,"request_count":2,"received_data":187116,"sent_data":896,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"vmuid.com","ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2018-10-22","domain_rank":182910,"first_seen":"2019-07-09T14:53:12Z","last_seen":"2025-12-04T10:18:13.947752Z","alert_count":0,"request_count":2,"received_data":11202,"sent_data":1018,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-12-06T06:18:41.673017Z","alert_count":4,"request_count":2,"received_data":7806,"sent_data":938,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-07T22:17:02.440237Z","alert_count":0,"request_count":1,"received_data":1313,"sent_data":509,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"msdoj.com","ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-07-01","domain_rank":211684,"first_seen":"2025-07-02T02:58:17.140394Z","last_seen":"2025-12-05T06:29:41.07173Z","alert_count":2,"request_count":2,"received_data":64950,"sent_data":958,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"18.195.78.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-09T19:41:14.303979Z","alert_count":0,"request_count":2,"received_data":846,"sent_data":888,"comment":"","tags":null,"fingerprints":null},{"fqdn":"origunix.com","ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-11-30","domain_rank":343993,"first_seen":"2021-11-30T12:40:27Z","last_seen":"2025-12-04T17:25:00.058593Z","alert_count":1,"request_count":1,"received_data":64562,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"flixerplus.net/","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6fa531aea625644b4845cdedbaefa155","sha1":"dbc683c7f4b36dc9ba4b75fe87a905e3dd64a3c8","sha256":"8b096d24bab6fa7f6a13830695075efbfb705f21d354f19b5f80f85eed3935c3","sha512":"325aa7715b654542352986548f0ebff09b4c83ac956545cfe4585539fca4864fc5bed6b5fadbdf67a3f3470c78509bba3898302f92699029ae6065264866abf4","ssdeep":"","tlshash":"13017b8091005635d0af5594852f59a82d27a3792cfbc11e7cccc1ce64b0f9ab46ddf6","size":664,"data":"","first_seen":"2025-04-11T19:19:11.393084Z","last_seen":"2025-12-10T18:59:36.668239Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cordbraghare.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js","fqdn":"cordbraghare.com","domain":"cordbraghare.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"33cd0143d98c278201a1b5824e9b7b82","sha1":"0a4824c3ae869c34a39d66d98ab430eb16f4c438","sha256":"66ae49044980a787ff1e5c81b66950b9366552bc875f75115b0200846b93fe2b","sha512":"8940ebe76f1c43aaba35c8448cd02682ef0aea18511e132c6dd0f2813965221efbf6f6aa2833bc61d6a8e26109b77ed76e3abaa2a970d0a587b75c621dafce94","ssdeep":"1536:x9yUBg8XFOUGTAVTesz3WArOwlNyBv77NzxpQ2jFFwByjIV:x3B91cepUhxpJwCIV","tlshash":"5e7309487f82b15b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","size":78851,"data":"","first_seen":"2025-12-10T18:59:36.658309Z","last_seen":"2026-01-11T23:43:21.272221Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3316c71b55df39952eeffb756486eff5","sha1":"9a601cba59d10b4ac28a4e8468a8b76eaca5ff65","sha256":"07c51754ba0fb1c7ed290066215a057d736dabf91341aa3ccf109b2a8cf6be11","sha512":"f63639e5f3495caee770ee96fc369c7e0bba09f15d3ab6a3325eabf38ecfac98724c6155a1ce75a42f60884cb06986b700afe0c37d48785a3126bb06868ac8b1","ssdeep":"","tlshash":"9811c4797a165534c5d5414b317df7a93d3260617a029184c2accc255d58e8714dfcbe","size":902,"data":"","first_seen":"2025-12-10T15:40:31.168707Z","last_seen":"2025-12-10T18:59:36.669276Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f6366c07b3ece709e7ef6234d8f138a5","sha1":"a3f554bf4d4c6da3d1eae66eff8c4b25636806bb","sha256":"f9349c610529501cd94579ca20da8d89374137caab800e5f135f0ae73097fe79","sha512":"884c69a1033fb2b456df67512728d784c057a546ec4050d1e5609341298bb122cc899cc0916856d43b55207bc2c6c91bdebea7264be1ceed3e2cfab0e6f65c16","ssdeep":"1536:X2H72+i5S/v3UqmN9IKoBH4xWXbS3guIDieh0zUh:XC/29IKoTDi6h","tlshash":"1473b8ccb6a674618263f5b5412f000fb23b599af8484dacb288d8e1adb594c417bf7d","size":79168,"data":"","first_seen":"2025-12-10T15:40:31.169504Z","last_seen":"2025-12-10T18:59:36.670874Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"origunix.com","domain":"origunix.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a23982a1cf9d8c3b0a5e5e27ce732d35","sha1":"21c9d02dafd29c8904019b01196aa933f7f2133b","sha256":"566624e9b74d35f6bc48b6f96c69953814b3927783f4705b0d76615a1c90c144","sha512":"1d767b6b748eabcfbcfff0b359fe45a56ed878f7c7481ca7c37ac3d1c2e95d9cdc642e2f27fa5c6b5db796ccb6d2e2ac33cbd84533050f731b8c9325beab36ea","ssdeep":"","tlshash":"ba110ea832e5f8c253d379a5062f4006f23a1c7904bdf5d1d389c9e1bc7804d9166f6a","size":1000,"data":"","first_seen":"2025-08-26T14:52:16.569256Z","last_seen":"2025-12-24T22:57:17.616129Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8103576f25134709c6379225ab68c61c","sha1":"c4624ece531a504bc23705a6d7caa5624bdd6060","sha256":"8f02eca762eeaf23f70e8eb8f43c900611fc3aa10094e5c6e11cb9d60c13b08e","sha512":"177aa57e6fb0054e17573b4039e624bf387fe9c0d56c3316794772d01e038340931b01f72df7da26a4a755be4cbe51490d38288057a812664814b27410b33c20","ssdeep":"","tlshash":"2bf0ebfa3da060308699f1a5a15aaa68b476a8246004690988ce84c8ace0a9d4e6969c","size":551,"data":"","first_seen":"2025-12-10T15:40:31.170277Z","last_seen":"2025-12-10T18:59:36.675143Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cordbraghare.com/22/00/54/2200540f09f939738419313a1a090c32.js","fqdn":"cordbraghare.com","domain":"cordbraghare.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a53fd25f85cfb0d48cae81283ae4ab8c","sha1":"12decc3611ce25394be4325f3d994e4f9ca3a7c3","sha256":"62dc78c6115778c841f0b49dcead30165a0b1e572ec8bcc2e90732c7e6ec3d4e","sha512":"fad0477bd25a8587d6e1179e4432e71ad18654bc420c057c5c91715ee2404b3bcba0844926aae5dc3dd0c0c5460247c5b10da7182c61685991efe8496620b7ae","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imf6:qXLD33COgu+bAKaS8","tlshash":"c6a3cad97f40f06d4271607a213fa00af25b0e46688cd59ce117f6a42fa865fe57ef28","size":106581,"data":"","first_seen":"2025-12-02T11:34:35.643439Z","last_seen":"2025-12-24T03:53:32.804892Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"vmuid.com","domain":"vmuid.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"c815f52518bf4fb719c49355a389c1b2","sha1":"5646fd41cc517bdaf21da5be232ed916fe1c5c99","sha256":"6d288f47792f57e8af0946d0e1404243e020b48887ec3214b1e008b8f2de485b","sha512":"61fc422d60516c2a1b61df52ef1973181d106d4c11aac43ebfd2a9da0d4d4c7b0da3df1c75b28aacd2c031f58dfe86ff4174d5c939618269d4699534c488a985","ssdeep":"","tlshash":"8911afba71e1f8e11357a0a4422f5406f26a487523aea4d1c346da95bc3404e5071fb9","size":1000,"data":"","first_seen":"2025-04-19T20:20:28.829194Z","last_seen":"2025-12-26T09:28:09.594214Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"sourshaped.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e8993d762f29b7bad4b7cf9bdfb8652e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":301,"dns":22,"connect":92,"send":0,"wait":94,"receive":1,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 10 Dec 2025 18:59:11 GMT\r\ndate: Wed, 10 Dec 2025 18:59:11 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":627,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"877496fe3a6a1da55e3ea40df10e6f7f","sha1":"9b19bdb4db0a73fbb3822828181f8317605807ae","sha256":"c804426d8c17c944cbf9eb8d56f9fbd9a4800656911a530c1105897e42d4ffcd","sha512":"4b2cfbdca7397a5bb7567c33f5805ecdea89b6fe797efcd06eee5c95c3bea0e7e926a8072ff18ee775894468ac2a5bb7f46c7d5a17c92fa96c5b373f3b87e421","ssdeep":"","tlshash":"21f0ac986a1a5805a1150c97330f3f220e1e451f294ad8feaf410d0c9efe5774345b0f","first_seen":"2025-12-10T18:15:20.429106Z","last_seen":"2026-01-07T00:27:33.471898Z","times_seen":523,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":161,"dns":0,"connect":21,"send":0,"wait":33,"receive":0,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blubberspoiled.com/7c/0a/99/7c0a99a2c141332c4647a2b0d64dbffe.js","fqdn":"blubberspoiled.com","domain":"blubberspoiled.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"blubberspoiled.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 20:52:14 GMT","end":"Tue, 24 Feb 2026 20:52:13 GMT"},"fingerprint":{"sha1":"EB:A6:AA:4F:BA:6B:3B:6B:73:CB:31:97:5D:30:9F:FA:C1:93:0E:34","sha256":"81:8D:B5:C3:C9:69:37:17:15:8C:19:01:CA:1D:1C:8D:7B:87:D8:70:A8:E0:9A:3E:18:DB:FB:26:A0:83:E1:5A"}}},"request":{"raw":"GET /7c/0a/99/7c0a99a2c141332c4647a2b0d64dbffe.js HTTP/1.1\r\nHost: blubberspoiled.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 45390\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 7\r\nHost: blubberspoiled.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b4573710fc906425f579543d8252e317\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":121050,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b2cb08cce9b35863146c8384bbeeaab7","sha1":"76fc6a8a0e520db57806c9e318dbba503c0775c7","sha256":"4bc4a22c759e99a8ef776e789d8994c8ee4ad63a7856bf1fb48ca0d485d2a099","sha512":"18e719af675e6eb908778655488003a42688aa21959778c166642d98aa6d039c0bde8bbfe20373d46950e48bd905f3a155e09acb68c55f94adeda242d3704ad3","ssdeep":"1536:rftYSad+XtemOnAWney94sIbUEibawTldZg2Gu7eP59f/dALsb9F:SRKibawTJD77i3nb","tlshash":"50c3d5887fa1f25c03867472263fa41ae12a9e4150acf1b4e106f4ad2dbc76fd47e764","first_seen":"2025-12-07T07:03:46.52575Z","last_seen":"2025-12-10T18:59:36.640959Z","times_seen":4,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":37,"connect":92,"send":0,"wait":105,"receive":185,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"blubberspoiled.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"blubberspoiled.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"msdoj.com","domain":"msdoj.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"msdoj.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 00:31:17 GMT","end":"Tue, 27 Jan 2026 00:31:16 GMT"},"fingerprint":{"sha1":"24:3D:C6:95:D8:7C:0F:F7:6E:05:D9:71:DB:8D:BE:15:4C:3B:92:CE","sha256":"0C:9E:BC:EA:67:F6:9E:73:4F:7F:C8:1D:F5:E7:D4:2C:AC:98:87:88:3F:AA:AC:79:61:82:13:14:4A:68:FD:2A"}}},"request":{"raw":"GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1\r\nHost: msdoj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://flixerplus.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 64157\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64157,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (64157), with no line terminators","md5":"5c41147ad36b4d813b68d8be2a50929e","sha1":"ae067ae81aa353bb1a4370e3545e3946d5494cb1","sha256":"b7a13268ee7d42d6250daa2fe20c990540c1b4325f620040bf3e0f34b8813146","sha512":"89464969b4c70ff03c0f8c2a6c238c3226b4e6fc6460a86c7956a06f31b1fc25b7ef697120ba726adaf0afafda4e23c39ecbe8196a1de1f4cb613c27cb93709d","ssdeep":"768:hCflSCRC850RCX+4D+R8WyX+86wA6C8Cflqu4sTJ+zaXeXgtA9zk4sTJ+HXJpZ6R:qvV50gPowAzqfTqj9","tlshash":"3b53d698b5d2f1a102c370b8543f6106b2366929248dc098f7b5ded5ad78d6ea633f3c","first_seen":"2025-12-10T18:59:36.642948Z","last_seen":"2025-12-10T18:59:36.642948Z","times_seen":1,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":85,"dns":3,"connect":25,"send":0,"wait":51,"receive":27,"ssl":55},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"msdoj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b15276ea9ea513a0e27a3718ea3b9f3b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-22T17:50:15.516268Z","times_seen":14531,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":52,"dns":1,"connect":17,"send":0,"wait":25,"receive":18,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.195.78.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://flixerplus.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 10 Dec 2025 18:59:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://flixerplus.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=103033e3-f57b-4379-8a75-d0401ba9d569:2:1; expires=Sat, 08 Dec 2035 18:59:11 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"547e004c0d70478d959c3e4e3af03d74","sha1":"583e8136d5fc199900c6146db22661265ad687ef","sha256":"eacbd66d151a58fb01f594823a33e3e21a96826149fba32834d0fb7ecf9fd883","sha512":"855b9d2bd5d7bf43e25be12fd8a4ee8a408fd9abc4eff223a197fb3c4e86471e996e7c7bf4f30f8af3df055ca041389d02b7220235a425a0154da27efcfaf6bb","ssdeep":"","tlshash":"df90045f0414104d1f3d44331d41f1dc01c1d3745433441d557557f054c0401f1c5130","first_seen":"2025-12-10T18:59:36.647829Z","last_seen":"2025-12-10T18:59:36.647829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":141,"dns":0,"connect":22,"send":0,"wait":22,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"msdoj.com/hit","fqdn":"msdoj.com","domain":"msdoj.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"msdoj.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 00:31:17 GMT","end":"Tue, 27 Jan 2026 00:31:16 GMT"},"fingerprint":{"sha1":"24:3D:C6:95:D8:7C:0F:F7:6E:05:D9:71:DB:8D:BE:15:4C:3B:92:CE","sha256":"0C:9E:BC:EA:67:F6:9E:73:4F:7F:C8:1D:F5:E7:D4:2C:AC:98:87:88:3F:AA:AC:79:61:82:13:14:4A:68:FD:2A"}}},"request":{"raw":"POST /hit HTTP/1.1\r\nHost: msdoj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: multipart/form-data; boundary=---------------------------415654951320834990633395315101\r\nContent-Length: 1201\r\nOrigin: https://flixerplus.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1201,"data":"-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"sid\"\r\n\r\n4dd7d833-3142-4a3f-a135-6fb1263ef9b8\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"placement\"\r\n\r\n\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"lid\"\r\n\r\n0\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"d\"\r\n\r\n1\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"rot\"\r\n\r\n0\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"sub1\"\r\n\r\n\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"sub2\"\r\n\r\n\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"sub3\"\r\n\r\n\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"sub4\"\r\n\r\n\r\n-----------------------------415654951320834990633395315101\r\nContent-Disposition: form-data; name=\"sub5\"\r\n\r\n\r\n-----------------------------415654951320834990633395315101--\r\n"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 2\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: av_sw_hit=1; expires=Thu, 11 Dec 2025 18:59:11 GMT; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"e0aa021e21dddbd6d8cecec71e9cf564","sha1":"9ce3bd4224c8c1780db56b4125ecf3f24bf748b7","sha256":"565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3","sha512":"900110c951560eff857b440e89cc29f529416e0e3b3d7f0ad51651bfdbd8025b91768c5ed7db5352d1a5523354ce06ced2c42047e33a3e958a1bba5f742db874","ssdeep":"","tlshash":"c710000000000000000000030000000030000000000000000c000000c0000000000000","first_seen":"2023-03-09T09:04:49Z","last_seen":"2026-04-22T19:09:49.618123Z","times_seen":274184,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"msdoj.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-10T18:59:10.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flixerplus.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 02:00:59 GMT","end":"Mon, 16 Feb 2026 02:59:25 GMT"},"fingerprint":{"sha1":"41:50:36:0D:1E:38:E0:13:49:C3:EC:69:38:F1:4B:2F:F1:6F:B7:1D","sha256":"72:6F:3C:DE:3F:CE:B5:EE:0B:4E:D7:D4:C7:78:C4:BD:A8:FE:98:1B:A2:C4:4C:08:14:25:AF:A4:84:14:47:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: flixerplus.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 10 Dec 2025 18:59:10 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vjOnxktj6pLJjl5nZBwSjS0BhGHeeZZtp2%2Fra3CzXhmnLgYFVBwoL5rJKwfSaCBNmTWbcyKWsTCmmH0pc%2FRM%2BlmqmdM27E1Usyu6WayT\"}]}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: max-age=14400, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\nage: 11951\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 10 Dec 2025 15:39:59 GMT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9abefa590fdb0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95875,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (2056)","md5":"5d6b0b429fffb01a9af2da516c7c9c31","sha1":"fe3643691290d61c207b539d99f2410470b4970f","sha256":"981df8cc58a72bc5f4a4e78825dfb02e07e767dca75782a8a264ffd41bd66361","sha512":"c296db72333aa09df7c9df11fb9b61ae3bfffca3846ecd58411f11f6c6fabec29db62c3cdccb533fdcc15de99e671f21a7b5e73f9841fd84d2e562b08355ade7","ssdeep":"1536:2hx/z2H72+i5S/v3UqmN9IKoBH4xWXbS3guIDieh0zUgqe1zHisx/i:2zzC/29IKoTDi6M1di","tlshash":"7293d8c8b6a274658363b5b5513f000ef23b599af8084cacb288d8e16eb4d4d457bf7d","first_seen":"2025-12-10T18:59:36.651336Z","last_seen":"2025-12-10T18:59:36.651336Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":18,"dns":1,"connect":1,"send":0,"wait":16,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"performance.radar.cloudflare.com/beacon.js","fqdn":"performance.radar.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.30.78","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"radar.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 21:15:49 GMT","end":"Tue, 13 Jan 2026 22:15:46 GMT"},"fingerprint":{"sha1":"12:69:5B:90:83:B7:EB:E6:E9:C2:E7:8E:D9:16:EB:A7:1D:BB:35:D1","sha256":"BE:BF:9E:3A:6B:32:8A:B0:C4:B1:C2:1B:A1:80:AB:0A:8B:19:A8:01:EE:D3:0F:1C:4E:1A:2C:AF:CA:5F:EC:2D"}}},"request":{"raw":"GET /beacon.js HTTP/1.1\r\nHost: performance.radar.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 10 Dec 2025 18:59:11 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\ncache-control: no-store, max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\nreferrer-policy: no-referrer\r\ntiming-allow-origin: *\r\nset-cookie: __cf_bm=ukfxPabQuKCRARQXlxmLSqJor3gF6kWfCAbSWej7Uo8-1765393151-1.0.1.1-RhP6jv94JjvJxo4ELRTDmjzydwnHWKyVYYHSaIAAFkzigfVDuXwXP7E6VaBeDHV_L4aeRmvGMIbhnFTVBnqS2xI1Drmap7QZE8n6hGZLciI; path=/; expires=Wed, 10-Dec-25 19:29:11 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9abefa5abfc3c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":7325,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (7324)","md5":"d1f4a68b63d7422e2cb1ea40ddf1a8df","sha1":"0c778d11464f725d5c2e870020ded0d5d32ea1d0","sha256":"a6c8d448d38f036e65cf831090df6d1f55677ae877189b6895db6ce243d55eaf","sha512":"37a4afdd7293e8f966c96505c6da317b5ffda47690fdedd4fb2b0c0663190b8215de00d3a711af96a572abda9de117ffc9dd26e42b863008539253b9d02d8a6a","ssdeep":"192:qWTavxSxKBV/oRks10BINTAPAWVZb7+QSRNVF1ZvByrE:q0avxSxKBV/0ks6usZWQSRNVF1ZvByrE","tlshash":"8de1187767914652cb86009500aaf35fb126f20a07c1a1afb61fcc6b3798f8377e6356","first_seen":"2025-12-10T18:59:36.65371Z","last_seen":"2025-12-10T18:59:36.65371Z","times_seen":1,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":23,"dns":10,"connect":1,"send":0,"wait":33,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"origunix.com","domain":"origunix.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"origunix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 00:53:29 GMT","end":"Fri, 13 Feb 2026 00:53:28 GMT"},"fingerprint":{"sha1":"9A:82:B0:78:7F:3A:61:44:DF:8B:3C:65:DF:90:D3:DE:D7:A5:3F:5A","sha256":"33:E1:86:A6:9D:73:93:8A:8D:7C:BA:D7:90:78:72:3E:23:0C:BC:1D:81:D4:54:CC:78:54:2C:F8:67:5A:FD:C0"}}},"request":{"raw":"GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1\r\nHost: origunix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\nLocation: https://msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64157,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T19:09:25.22698Z","times_seen":14072869,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":80,"dns":1,"connect":26,"send":0,"wait":26,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"origunix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/user.php","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flixerplus.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 02:00:59 GMT","end":"Mon, 16 Feb 2026 02:59:25 GMT"},"fingerprint":{"sha1":"41:50:36:0D:1E:38:E0:13:49:C3:EC:69:38:F1:4B:2F:F1:6F:B7:1D","sha256":"72:6F:3C:DE:3F:CE:B5:EE:0B:4E:D7:D4:C7:78:C4:BD:A8:FE:98:1B:A2:C4:4C:08:14:25:AF:A4:84:14:47:2F"}}},"request":{"raw":"POST /user.php HTTP/1.1\r\nHost: flixerplus.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 39\r\nOrigin: https://flixerplus.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":39,"data":"action=e3540d82f40700bd5b2ed9054460c4ed"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 10 Dec 2025 18:59:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mwABDoILv1ymmghMC9k%2BpyxQJOScY4Jhnygoc3%2FUb1eCUwYhGe%2FkbtvckAwIEDbYNOrhnxqFcg2Xml5oJnUnBT8aKsXxFEyF1fr11A%3D%3D\"}]}\r\ncf-ray: 9abefa5c7ca8b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T19:09:25.22698Z","times_seen":14072869,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f4abac03cc8f8541d64dff41b582780a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-22T17:50:15.516268Z","times_seen":14531,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":65,"dns":1,"connect":17,"send":0,"wait":35,"receive":18,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/cdn-cgi/styles/main.css","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flixerplus.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 02:00:59 GMT","end":"Mon, 16 Feb 2026 02:59:25 GMT"},"fingerprint":{"sha1":"41:50:36:0D:1E:38:E0:13:49:C3:EC:69:38:F1:4B:2F:F1:6F:B7:1D","sha256":"72:6F:3C:DE:3F:CE:B5:EE:0B:4E:D7:D4:C7:78:C4:BD:A8:FE:98:1B:A2:C4:4C:08:14:25:AF:A4:84:14:47:2F"}}},"request":{"raw":"GET /cdn-cgi/styles/main.css HTTP/1.1\r\nHost: flixerplus.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=12%2FhzCQinXJJbqK22Bt23DQYNtTvENo%2Bm2pWJMk6yr9UMgaHWRWGAO1%2BoG9lhcp3jnQm572Y1lG3U%2FpEAEC3ZxrQ%2FetUifU3hJPE%2FA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Wed, 10 Dec 2025 18:59:11 GMT\r\ncf-ray: 9abefa5a8c80b503-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8013,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8012)","md5":"ff26f59e28a5fe6ea4ab23586415696b","sha1":"4182675484d175e363cd34b43041b7b1af93d0cd","sha256":"d30b4ea6f68456672f5abb35e9dcf7d54226372b66e9d60a7ee26b7a52568e74","sha512":"92c58eef6d1f885806450acd2927c57ebea2e8762c98b0826192555674bd4478e42add192834285d5934c0a76db8eac5eee1a65dc34b6f69246fad6c91a5fba4","ssdeep":"96:1jMh3JNJinvaE5TQRGxfldudududEtCbnaimpSpIplDO6bU6b16bE6bb6bNdkd94:1jMFJiva655dimwqjlP0/mGTZxRbC","tlshash":"75f1851bbf49104e3023886ae2c5a78d912dd282ee535bfff7173561cbc52fa1552b24","first_seen":"2023-04-05T04:39:40Z","last_seen":"2026-04-22T19:11:13.672513Z","times_seen":76665,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cordbraghare.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js","fqdn":"cordbraghare.com","domain":"cordbraghare.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cordbraghare.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Oct 2025 09:03:59 GMT","end":"Tue, 13 Jan 2026 09:03:58 GMT"},"fingerprint":{"sha1":"F7:61:EB:D3:87:63:39:5E:37:E5:5B:76:89:AA:51:8D:38:D2:5E:78","sha256":"5D:83:AA:A0:01:37:BC:23:75:58:BD:25:9A:7A:5A:77:7C:07:1F:D4:85:06:9F:B9:F6:5A:A4:D9:64:7B:DE:7C"}}},"request":{"raw":"GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1\r\nHost: cordbraghare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30205\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: cordbraghare.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 49612dcc95287c1cd768e5124cb7edd9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78851,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"33cd0143d98c278201a1b5824e9b7b82","sha1":"0a4824c3ae869c34a39d66d98ab430eb16f4c438","sha256":"66ae49044980a787ff1e5c81b66950b9366552bc875f75115b0200846b93fe2b","sha512":"8940ebe76f1c43aaba35c8448cd02682ef0aea18511e132c6dd0f2813965221efbf6f6aa2833bc61d6a8e26109b77ed76e3abaa2a970d0a587b75c621dafce94","ssdeep":"1536:x9yUBg8XFOUGTAVTesz3WArOwlNyBv77NzxpQ2jFFwByjIV:x3B91cepUhxpJwCIV","tlshash":"5e7309487f82b15b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","first_seen":"2025-12-10T18:59:36.658309Z","last_seen":"2026-01-11T23:43:21.272221Z","times_seen":108,"resource_available":true,"data":null}},"time_used":764,"timings":{"blocked":283,"dns":1,"connect":96,"send":0,"wait":98,"receive":93,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8","fqdn":"vmuid.com","domain":"vmuid.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vmuid.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 01:58:17 GMT","end":"Fri, 13 Feb 2026 01:58:16 GMT"},"fingerprint":{"sha1":"55:AF:2A:55:F7:0A:50:14:17:98:81:98:2F:E8:79:25:A1:F4:CB:F1","sha256":"14:5E:46:EB:2B:61:ED:58:DA:3F:13:A4:5D:6C:7E:DC:01:97:B8:6B:1A:B3:A0:4F:05:97:01:DB:FE:C8:70:B1"}}},"request":{"raw":"GET /script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1\r\nHost: vmuid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 10178\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nX-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10178,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (10178), with no line terminators","md5":"dedd352338543b137f608adc8d0d4aa8","sha1":"100edb4e8fef9b6da043d51135077e68d2a61b22","sha256":"b338a91ba1d2ab7c3a7a0dd659426f5ffa4cd699be38e2bed5075c4d3e773a48","sha512":"e2fab4d95d5baa013a7c248945156524478341282dcffc462fb2de318f55ba29dcafba0db3abcfb6399c6164f6f630f06d48a7323b73f8ea05d5978cd60a4c5c","ssdeep":"192:ATn+ip4qxJ/gzuvu3fo8idwqnOqgStYc1qRP44+PHlCXXZE7904AxF:YbRJYz3oe+3tYGGx+NGXZCAn","tlshash":"2b22b5c9b2d2f06443d77161942f2007f23b2869b54dc498eb66e8d3bcb045ea227f79","first_seen":"2024-01-26T05:18:07Z","last_seen":"2025-12-29T12:17:25.567723Z","times_seen":3656,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":89,"dns":1,"connect":31,"send":0,"wait":28,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=784\u0026rd=784\u0026fd=520\u0026bv=25.12.2106\u0026tmpl=70","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=784\u0026rd=784\u0026fd=520\u0026bv=25.12.2106\u0026tmpl=70 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:12 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T19:09:25.22698Z","times_seen":14072869,"resource_available":true,"data":null}},"time_used":722,"timings":{"blocked":311,"dns":27,"connect":94,"send":0,"wait":97,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.195.78.6","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://flixerplus.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 10 Dec 2025 18:59:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://flixerplus.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=d2c60f74-8428-4a24-b12a-80409503afc9:3:1; expires=Sat, 08 Dec 2035 18:59:11 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"59fcf59d6e748626db89b804b983f2d5","sha1":"26058e5a5139bad17ac22812e456c5a937b84a02","sha256":"ed63aa7128e2d1f565ec7db1c783f758ca9e0147a3440ae7f9044f3099fdadc6","sha512":"1d03aa1229a2fe1e9ea8066f123bb0f4566ff87380e725091a8bec502e4038eb87d972643b6bf1605e5f7faf1d17922354908d973c2d57671fafe7c0cdac1afa","ssdeep":"","tlshash":"bd9004433f50317dc0471d550c44054540c1441f1d13c1d0440073304057150f431043","first_seen":"2025-12-10T18:59:36.661292Z","last_seen":"2025-12-10T18:59:36.661292Z","times_seen":1,"resource_available":false,"data":null}},"time_used":388,"timings":{"blocked":180,"dns":14,"connect":23,"send":0,"wait":22,"receive":0,"ssl":146},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flixerplus.net/favicon.ico","fqdn":"flixerplus.net","domain":"flixerplus.net","tld":"net"},"ip":{"addr":"104.21.37.66","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:12.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flixerplus.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 02:00:59 GMT","end":"Mon, 16 Feb 2026 02:59:25 GMT"},"fingerprint":{"sha1":"41:50:36:0D:1E:38:E0:13:49:C3:EC:69:38:F1:4B:2F:F1:6F:B7:1D","sha256":"72:6F:3C:DE:3F:CE:B5:EE:0B:4E:D7:D4:C7:78:C4:BD:A8:FE:98:1B:A2:C4:4C:08:14:25:AF:A4:84:14:47:2F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: flixerplus.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nCookie: prefix_views_counter=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 10 Dec 2025 18:59:12 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\nlast-modified: Fri, 18 Aug 2023 14:22:17 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 11950\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"64df7e99-3aee\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jy2OcAZsuxjVpqJCO3wFWEQOAsPSoWbbfRa0c3dKNBmIOiJjro%2BJ9z8tNHzWwxCZT3ckiOAOZOwoUY7TnTCPn1pZI0cJ%2FoUlwL9%2B%2Fg%3D%3D\"}]}\r\ncf-ray: 9abefa64ad64b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"90012b1165d01c88cdf7365c13662677","sha1":"94dc16b8e68e370438d6c9acd177748a7ad14607","sha256":"409cdb708aa7ad5ff7d28dcf3bc95555e8ad5462843264116133c1578f3dde4d","sha512":"b0d99ae1a98a8d8ccc9f72ffbc052050e6322134b7fec172a8ad5f7b5cef617953ad27ca31b687c67ace1f2fb5c1357de340990cc76d7eaf1036abadb85a17ce","ssdeep":"192:jYxEvaZFcXXASbHHHH1HHxHHHH6HHFHHHHHHvNHHHLHHHHHFHHHmHHHHcHvHHHHG:jYxLvAXZulqYelk3ORL/","tlshash":"116251fb262e2f6ccc65c179be258b8de60525a797db2402cfe877451b930271f2b140","first_seen":"2025-12-10T15:40:31.161933Z","last_seen":"2025-12-10T18:59:36.663153Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cordbraghare.com/22/00/54/2200540f09f939738419313a1a090c32.js","fqdn":"cordbraghare.com","domain":"cordbraghare.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cordbraghare.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Oct 2025 09:03:59 GMT","end":"Tue, 13 Jan 2026 09:03:58 GMT"},"fingerprint":{"sha1":"F7:61:EB:D3:87:63:39:5E:37:E5:5B:76:89:AA:51:8D:38:D2:5E:78","sha256":"5D:83:AA:A0:01:37:BC:23:75:58:BD:25:9A:7A:5A:77:7C:07:1F:D4:85:06:9F:B9:F6:5A:A4:D9:64:7B:DE:7C"}}},"request":{"raw":"GET /22/00/54/2200540f09f939738419313a1a090c32.js HTTP/1.1\r\nHost: cordbraghare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flixerplus.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38169\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: cordbraghare.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 73c00b034c8153510f22fa2a89cf5050\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106581,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a53fd25f85cfb0d48cae81283ae4ab8c","sha1":"12decc3611ce25394be4325f3d994e4f9ca3a7c3","sha256":"62dc78c6115778c841f0b49dcead30165a0b1e572ec8bcc2e90732c7e6ec3d4e","sha512":"fad0477bd25a8587d6e1179e4432e71ad18654bc420c057c5c91715ee2404b3bcba0844926aae5dc3dd0c0c5460247c5b10da7182c61685991efe8496620b7ae","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imf6:qXLD33COgu+bAKaS8","tlshash":"c6a3cad97f40f06d4271607a213fa00af25b0e46688cd59ce117f6a42fa865fe57ef28","first_seen":"2025-12-02T11:34:35.643439Z","last_seen":"2025-12-24T03:53:32.804892Z","times_seen":39,"resource_available":true,"data":null}},"time_used":763,"timings":{"blocked":280,"dns":8,"connect":92,"send":0,"wait":99,"receive":92,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-10","alert":"Sinkholed","trigger":"cordbraghare.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vmuid.com/uid/send","fqdn":"vmuid.com","domain":"vmuid.com","tld":"com"},"ip":{"addr":"178.162.215.162","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flixerplus.net/","date":"2025-12-10T18:59:11.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vmuid.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 15 Nov 2025 01:58:17 GMT","end":"Fri, 13 Feb 2026 01:58:16 GMT"},"fingerprint":{"sha1":"55:AF:2A:55:F7:0A:50:14:17:98:81:98:2F:E8:79:25:A1:F4:CB:F1","sha256":"14:5E:46:EB:2B:61:ED:58:DA:3F:13:A4:5D:6C:7E:DC:01:97:B8:6B:1A:B3:A0:4F:05:97:01:DB:FE:C8:70:B1"}}},"request":{"raw":"POST /uid/send HTTP/1.1\r\nHost: vmuid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://flixerplus.net/\r\nContent-Type: multipart/form-data; boundary=---------------------------109126163736701453911763304498\r\nContent-Length: 323\r\nOrigin: https://flixerplus.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":323,"data":"-----------------------------109126163736701453911763304498\r\nContent-Disposition: form-data; name=\"uid\"\r\n\r\n36e39786-c298-4b33-ae38-ad4f6a7a5db4\r\n-----------------------------109126163736701453911763304498\r\nContent-Disposition: form-data; name=\"placement\"\r\n\r\n\r\n-----------------------------109126163736701453911763304498--\r\n"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 10 Dec 2025 18:59:11 GMT\r\nContent-Type: application/json\r\nContent-Length: 65\r\nConnection: keep-alive\r\nCache-Control: no-store, max-age=0\r\nAccept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version\r\nAccess-Control-Allow-Origin: https://flixerplus.net\r\nAccess-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, set-cookie, Cookie\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: guid=36e39786-c298-4b33-ae38-ad4f6a7a5db4; expires=Wed, 31 Dec 2025 00:00:00 GMT; domain=vmuid.com; path=/; secure; SameSite=None\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bf4759f423cf9bd8cf5c861c085c129f","sha1":"8e90c1a5662fd2d220b0df839003b2fba9e974f9","sha256":"d9f0177ad298ca39969037e37377be2b660365ba0a14b68949caed2e83c5e597","sha512":"1c45d7b2a655171919beaa34bf2bf5be99b25ee228fab96b8db07f0e414e2f6f3f68aa19d3d2c7c62886118da798901af8c719e9337555348eaf327f1ff68aa3","ssdeep":"","tlshash":"f6a02282e08002b2a3f0380008a20e0200a08080802ef0aaa008000383800c0ac0a20c","first_seen":"2025-12-10T18:59:36.665782Z","last_seen":"2025-12-10T18:59:36.665782Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}