{"report_id":"9613a22f-03dc-48ef-824d-6f6c648f0ca9","version":6,"status":"done","tags":[],"date":"2025-09-29T04:26:12Z","url":{"schema":"http","addr":"neufneuf.space/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=7194721\u0026pdata=http:/","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"104.21.88.140","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"title":"flemmix - Flemmix Online Sans Publicité Streaming"},"submit":{"url":{"schema":"http","addr":"neufneuf.space/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=7194721\u0026pdata=http:/","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"104.21.88.140","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-03T04:26:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":17}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"cz.dimpleswraw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"cz.dimpleswraw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"cz.dimpleswraw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"xs.taujubarb.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"xs.taujubarb.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"caudexintrine.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"caudexintrine.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"thewsere.top","ip":{"addr":"212.117.186.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-03-05","domain_rank":465401,"first_seen":"2025-03-08T15:41:44.90054Z","last_seen":"2025-09-26T15:08:58.932139Z","alert_count":8,"request_count":4,"received_data":4066,"sent_data":2046,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"wrathypenitis.help","ip":{"addr":"212.117.186.92","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-07-21","domain_rank":0,"first_seen":"2025-08-21T05:46:19.017165Z","last_seen":"2025-09-22T06:35:16.551049Z","alert_count":8,"request_count":2,"received_data":1079,"sent_data":1099,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xs.taujubarb.com","ip":{"addr":"23.109.170.227","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-09-16","domain_rank":0,"first_seen":"2025-09-29T04:26:13.734659Z","last_seen":"2025-09-29T04:26:13.734659Z","alert_count":2,"request_count":1,"received_data":92363,"sent_data":422,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flemmix.monster","ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-13","domain_rank":0,"first_seen":"2025-09-16T09:41:14.553449Z","last_seen":"2025-09-16T09:41:14.553449Z","alert_count":94,"request_count":94,"received_data":2171463,"sent_data":46061,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"reCAPTCHA","description":"reCAPTCHA is a free service from Google that helps protect websites from spam and abuse.","website":"https://www.google.com/recaptcha/","common_platform_enumeration":"","icon":"reCAPTCHA.svg","categories":["Security"]}]},{"fqdn":"www.google.com","ip":{"addr":"142.250.178.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-09-28T22:11:46.355495Z","alert_count":0,"request_count":1,"received_data":1717,"sent_data":419,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cz.dimpleswraw.com","ip":{"addr":"23.109.170.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":1,"received_data":88530,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"caudexintrine.com","ip":{"addr":"23.109.170.225","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-04-04","domain_rank":0,"first_seen":"2025-09-06T13:52:58.784738Z","last_seen":"2025-09-13T22:41:13.676169Z","alert_count":2,"request_count":1,"received_data":30619,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"witv.soccer","ip":{"addr":"172.67.196.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-13","domain_rank":646629,"first_seen":"2025-06-17T02:38:29.26863Z","last_seen":"2025-09-06T12:30:11.416849Z","alert_count":0,"request_count":1,"received_data":5382,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}]},{"fqdn":"www.gstatic.com","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":146047,"first_seen":"2012-05-29T15:36:17Z","last_seen":"2025-09-28T22:11:46.419999Z","alert_count":0,"request_count":1,"received_data":817368,"sent_data":494,"comment":"","tags":null,"fingerprints":null},{"fqdn":"neufneuf.space","ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-31","domain_rank":5378150,"first_seen":"2025-08-21T22:46:45.477082Z","last_seen":"2025-09-06T12:30:12.119426Z","alert_count":0,"request_count":10,"received_data":64860,"sent_data":5128,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"bunkersparring.shop","ip":{"addr":"23.109.170.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-05-15","domain_rank":187180,"first_seen":"2025-07-22T08:24:24.149351Z","last_seen":"2025-09-23T09:32:45.279916Z","alert_count":6,"request_count":2,"received_data":2775,"sent_data":2795,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/js/libs.js?v=3","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f09e8a538511d1631a964d1177e170c2","sha1":"bb4c80bb5b69c23d180376112dd95366eee52d39","sha256":"b010d496957663b2303af7853b8d411f4df54187184acd52098958065798f26e","sha512":"1ecf69308d5850ebc5f503ec759346a7ce9521753d6df6eedd8a4aec6ff864a096be09b73b61aeb62b35b9675603d57eb65f848a045227c11ef362ada67110ee","ssdeep":"96:g5T9vYUgOxN05zQ7baQc0GiTO4y6RfTOVnRxRATO73gH1YCs:2hLgOxN6U7eGTy2TYmTo3gHuT","tlshash":"a8a1011ab4f22124913f31ad5f9fa1147521552fa20acf007d6c8ae44fcd9a9f262b4c","size":4869,"data":"","first_seen":"2025-05-11T09:20:24.822081Z","last_seen":"2026-04-10T05:18:50.617641Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"74830fb1db54e630db0854a51c996baa","sha1":"5e798c5bd06ae0c9a5d37f0581fcd202c2ab9214","sha256":"141f72b6e4c7a53d31622d87723567eb4a3cd4803794bafbac0c61603219511f","sha512":"6d4a7014c2cd3ad6a6dc28cfd09c10eb27d0828583bf1193634e6d93a61133595627f1ca52667fcc1d1259c943429e2f79e678eb5d1a405d2c15fe509c87218a","ssdeep":"","tlshash":"4ad0239d2975c83065a5024a2176e7943560217077a1b104c1dacc6fdf22dd354b255c","size":217,"data":"","first_seen":"2025-09-29T04:26:24.340366Z","last_seen":"2025-09-29T04:26:24.340366Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/recaptcha/releases/44LqIOwVrGhp2lJ3fODa493O/recaptcha__en.js","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd128ad96a567b8a7e60f5a619970583","sha1":"b27c85666c26ff0fd0fb1f484d0f4e8a7e0b028d","sha256":"2bbe0ef3ec01af823e6098cd82b3e6c178d597b1fc43d17bdd9b4ebdf0428c4c","sha512":"a50febeea294ca718cf274799605da240323d67c0c4aca1b96e40456a0bf5721284f819b0fe2e5dd561d81660c6af64e52d6188d6a10826396ea34f81f1c1176","ssdeep":"12288:3R2zVLB7OhPcbGIq0ni4HRzKTs2lvxIxQ:h2zVL0P0+01HRzSlpIS","tlshash":"b0054ada75127aa1d322f4f91073104da33e9565d86c582db1d9caf12eb0c0cb1baeb7","size":816459,"data":"","first_seen":"2025-09-09T11:33:28.978904Z","last_seen":"2026-04-24T23:53:25.712954Z","times_seen":15827,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-25T15:00:23.944218Z","times_seen":18657,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-25T15:00:23.944218Z","times_seen":18657,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"81bfbd249652d15b59441ab7b5047297","sha1":"1624649bde437cbd847a13267e722ab12ed808e3","sha256":"73b30865a4cb646077c9615cb467b2dd9b25cf9ce2ffb35649ff86af5b5dfcfa","sha512":"f13dd16b75fd5682cfa6473fc073f871971bc3d99e453cf4ec1dc19963baa0cbc165ca8d58beba82d6518a8d49ff569cd3965ac5a26f594ccf0329241a8744dc","ssdeep":"","tlshash":"bd1100793b2a5534c5c5818b317ee7a93d3220317a06a084c3accc289d18ec314efdbe","size":902,"data":"","first_seen":"2025-09-29T04:26:24.341679Z","last_seen":"2025-09-29T04:26:24.341679Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-25T15:55:47.137478Z","times_seen":99882,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-25T15:55:47.137478Z","times_seen":99882,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-25T15:00:23.897412Z","times_seen":1799,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6f4aaf3ce0269003fa22a3c58c798f9c","sha1":"0c44995fc174a1e9848894649655b73fcd60bac9","sha256":"59224f9158c566c751f8077805a2cf61c62a8e70dc5f6fe4fba4fa363caa6a6f","sha512":"c1eb7285c813898c77b45d69147235abdc351b8f1d3abdac8d6a7a39de03b58fb94c42661068d3af189efb013bf720ee2cc362f738e596a8a77e7521455e4bff","ssdeep":"","tlshash":"71d023bd2976c43051d4024b11b5e3ac2570316077156645c1c9cd6f7e11ed344b1658","size":217,"data":"","first_seen":"2025-09-29T04:26:24.343074Z","last_seen":"2025-09-29T04:26:24.343074Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"e2ad64b4789b78f4882df4cefe61ae1e","sha1":"f2a7aea0e657b061e2c66aca9a0f45d49fa117a3","sha256":"fb7bec8c44d2de4564c5e80e1779e06690f2b754eedd5bfde0f9ab2a2ece1836","sha512":"bae34b0e9653bd3efd0843306fc1e8b76484d778b51fa2e60c4c2da6a6e717cb0601b8b16833773422369049ebb5a7875a5682058942832c53afa1d5490a8e14","ssdeep":"","tlshash":"16b0129749c470fc1351db40de3737217242946ed8427444e1a00634bc3605fd468d81","size":96,"data":"","first_seen":"2025-03-15T21:10:47.657077Z","last_seen":"2025-11-08T11:37:14.058254Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/jqueryui.js?v=2","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c15b1008dec3c8967ea657a7bb4baaec","sha1":"78489e580adaef931e6e5b131dab556c397e4a1a","sha256":"28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3","sha512":"bada3d9a5433aece7d57020b70b89161e2ca3cf6d2fdb4fbd5d6bf38405813071d35493c8d8232f83d7be91628a29d436be7fd9af918ae68f93022d9584b50b8","ssdeep":"3072:FkHOJD1g7SV7opRBbDrtnAcKYvFJi/5PLO1aG0qF2/nwOW16j:q9/KvjOVlFYQ16j","tlshash":"1f44f74d72003a2296dbe2a5103b2a0fa237515da605805cb53dcedf9e7de4431bbfb9","size":253669,"data":"","first_seen":"2023-03-07T01:19:34Z","last_seen":"2026-04-25T15:26:20.1683Z","times_seen":18553,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"fbb7511387bc11bf366aba42a58ec23e","sha1":"eda500db30957325528265b0420fa2215d43f608","sha256":"e3e2451cd755a43dc99daca97d544e076d3b36f102de0646652e36d1d674ef73","sha512":"c876e9b8ebef591d8530cc7c6d4dca3109eba7a4c360e65db08167d3856c751869c9453073385d53be21396e04d47ead77d4c48a8894ea9066c9fb26ce99635c","ssdeep":"","tlshash":"59b01293c89470bc1310c680dd3337217212942cda023040d16141143c0a14fd065a41","size":93,"data":"","first_seen":"2025-06-14T14:10:27.112294Z","last_seen":"2025-11-20T02:38:04.298704Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"cdb83b60c734f75b546b18a24b9a6148","sha1":"6338d29390815304db3f91623cd27896fb5a32b3","sha256":"28909d4ee3ebc4739e8c51488c86056283504d90e426da1fc7a962105e5db59a","sha512":"e121e4edf7d046973eab358f9a71dee0d9165638032748506f75a761f7ae7be67ad18680b178653b1e37c424c557b2459d53bb5257ff42728d3f8d0a69243851","ssdeep":"","tlshash":"01a002955caa71f813519a185a3627226314a95588051094c1504525384d48be5f5a56","size":58,"data":"","first_seen":"2023-04-13T14:51:46Z","last_seen":"2026-04-25T15:16:56.899377Z","times_seen":579,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"caudexintrine.com/1clkn/35789","fqdn":"caudexintrine.com","domain":"caudexintrine.com","tld":"com"},"ip":{"addr":"23.109.170.225","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb53128a04be8df17b66c010b13b09c4","sha1":"2c14fc3979e43b970c110bfda58c1d5f31dbb1c9","sha256":"b6f1f7a893271d9a47b897fb95dd012d9ebaaec42af35852e68c4c158eb88ef1","sha512":"c3c352e6f4486369e425fc4147061ae00af91bfd74f3d8cca2ef7ae5d0b400899a802e65128671d3cd9ad434d6529bec554052852d5a96983d714cd57bc4ff67","ssdeep":"768:IhF/JlfdnwRINxhFEsbUFwQbOQI7jmJ8757ANEn1zxO/WW6u:IhFRtDk5wu","tlshash":"00d2e786f6a0f0a607e290a2523f4107f2375914384fc9e0e2a5dda07c6958f967bb5e","size":29543,"data":"","first_seen":"2025-09-29T04:26:24.33601Z","last_seen":"2025-09-29T04:26:24.33601Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cz.dimpleswraw.com/rYfTTRUFQ7t5Ok1/42662","fqdn":"cz.dimpleswraw.com","domain":"dimpleswraw.com","tld":"com"},"ip":{"addr":"23.109.170.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"2a35fbbf880bd9405bc1939a21012e74","sha1":"1f8a631d964915dd2c88e0d70513634d144e95ca","sha256":"21847b7032184bb0d2ac7dab7e908bf6481f4a3fff40039536a03f27210cfbcf","sha512":"adfbf5d16bef51e90352c3315976cc975efd9ac46baed8a578d949f395d443deda391bd8e6a51daac58160066ac6557b61418d3b24420016b2a906e044ef21b9","ssdeep":"1536:hB7BzzFI/qGxPJqvIVvhifTOsxDyvHubd8UT3+7yT0GaXK5GafacQH5QLp:pxISGx4vnyfBUCwyj5QF","tlshash":"7d831db1b77672798f9640e5e132a122d22e0c80308ddcb0e26f5d607f916cad5bd6f9","size":87149,"data":"","first_seen":"2025-09-29T04:26:24.319156Z","last_seen":"2025-09-29T04:26:24.319156Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61fa153f2827c887a48a351ae3c6cfd3","sha1":"5fbd02245cf700ea94d638c8d76924ecca52d330","sha256":"4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c","sha512":"cbe467dc51f0eec90d8b40bc35a1a0eb2c320ac67cc022c518b431987fa05a3d565f793c377d5f33a612555ad4d7ad66acfb4b47ba6323da26db293f095257d8","ssdeep":"","tlshash":"c650000003000000030c0000c000000000000003000030c000c0000000000000000000","size":8,"data":"","first_seen":"2023-03-07T01:03:50Z","last_seen":"2026-04-25T15:00:23.944218Z","times_seen":18657,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"b22d0e5abfaea224b4b80d71538fb62b","sha1":"20e623e2f3343d47ee903b4a9a8f7708bf610ae9","sha256":"1d73348e8d399baeff7636b0eee0825b9424baae34ef54f59280aaa8795df14d","sha512":"c96bd3e6b721225ecf0622f59378046c196b9070fefe407060da3a14b11576be008944611c507d1ae55ac0dbe582d952dbf3c6c4fa0b0c04f7d3d22701326f22","ssdeep":"","tlshash":"5bb012d24c8574bc23548520f5373b367216d538c802a4c0d9e14254384906fd064a41","size":97,"data":"","first_seen":"2025-03-15T21:10:47.668053Z","last_seen":"2026-03-22T10:06:21.622367Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"628cdd84133d1ad933d1967cc1829818","sha1":"6e67d2a10a88427dd2a333ef867f75fbf0dafdcc","sha256":"88d95e4be2d463bab1571fad89c08526a431794fc359e245aaa27f9ac014adcb","sha512":"7ae5b82603089c0712357b5fd0183480466cfd61a9e17596b180060a5479dca3f974970f4ca58ea624963b52c375e4a1dd03416503224e2bf03606999b9dbbe5","ssdeep":"","tlshash":"aab012d29c8570bd0360c510fd333b23720b9479c90260c0eda041543c0404fd069941","size":96,"data":"","first_seen":"2025-03-15T21:10:47.671353Z","last_seen":"2026-03-22T08:51:48.85558Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"e74c60ca30e4a6893ee263c1e26bbd0b","sha1":"a94b845a72cc8e23eb0ae84c9661f3deeee441a9","sha256":"66a8e995660c42a8cda0ede6c5c285bd69a625c8ec4c187f902755617fb5461b","sha512":"e89ce07afd0d50bdb470ad16d929cb6d3cbb34a71629c5f47a1e9b3f0b97616c084b063e5e14d5878c683d5f5e310b63c96744461f62be364805d9da72183dca","ssdeep":"","tlshash":"aeb012d34c8578bc0350c514f5333f227206d838c8036480d9a0c1a93c1c05fd064961","size":97,"data":"","first_seen":"2025-03-15T21:10:47.672187Z","last_seen":"2025-11-08T11:37:14.052502Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/js/jquery.lazyload.min.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"112c8d1b40b3e62e883c743e9d71e0bf","sha1":"338318e930487b2791a7bcf53ad4601630cc41e2","sha256":"ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e","sha512":"8cd0ed15feea814d1e1fff99e36146e1fc37c3b0ccffdcdb80d3dedf07c9942ca55434d3dc880a5b9afdd95cbd2076ba539d2fc8ccf981107222ee1821716d69","ssdeep":"","tlshash":"c761868d7f427839f0167a9e831f3106663ed46f81814c54b0c9ece4ececb951236d9a","size":3381,"data":"","first_seen":"2023-03-07T01:10:48Z","last_seen":"2026-04-25T15:53:15.60682Z","times_seen":5086,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c84bfa5f5ad863b33c1636a64d375d68","sha1":"42423fb52b674ec10d82dd09a8d76f30a17322d7","sha256":"5487cd5ad7a2d8f9fee1093fe1b203abd1b5e4f66d7ae527cca8fb57aebcba69","sha512":"0b5ded57e1a04bac994b07ad72ec63beb091b632b08a785689d0c549e2f8f6f06d7c63410efff0f636a27871c43c2fd20e45881e6fe1da8a6807de7328fc4d8c","ssdeep":"","tlshash":"7a3171064e6897f2115338a72cdf286b3de204b85258e10cf89ccbda27d2b1346b5bcc","size":1597,"data":"","first_seen":"2025-05-11T09:20:24.830436Z","last_seen":"2026-04-10T05:18:50.673569Z","times_seen":105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc57891f37f378f179e43ab1af196142","sha1":"a1b3c282e7c781715019d31b6e49615b79acbb14","sha256":"2d5ba5902767849532e7a38d12744271c78fedc6a4a66c955315f34d6f491ccf","sha512":"9aef6424bafeee730ca4d25cb307ba774d6497f1d048a2c595a6dbb88d453399181b78f0c5314e16e978605c4eac26d4c77b23b09a2c2ac4b80972e1bf023fd5","ssdeep":"","tlshash":"57e02b2a98e706384cf67e441079da7934f878a4aaa3d057525cc86dcd39fd54c14aec","size":424,"data":"","first_seen":"2024-08-12T18:44:20Z","last_seen":"2026-04-10T05:18:50.796215Z","times_seen":134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xs.taujubarb.com/tBsV9ESL1WW/33558","fqdn":"xs.taujubarb.com","domain":"taujubarb.com","tld":"com"},"ip":{"addr":"23.109.170.227","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"0831c2b27f4915fa46a34cd8dd879272","sha1":"c9290718e33ee642cedeb2482e1150dd72a62435","sha256":"7c70c57965bb64a7cd832dd7368ba79489989c63dd614d12e7253159b7633fc5","sha512":"6afa4622a215bacc03e3041a34881393c5f7495799e829b77fc3fdf2275214db647385e55e326f744eb4b7fd6479726ea901cc9c1abae6e6213f4d2b86917d74","ssdeep":"1536:90ZypD4MdNdzZVK+E0wlJQJ1jvokvSXlDYNO0Pv:9Y+DwnOjFSIv","tlshash":"e8933b41b651b03a07b244e5a17f4245f2372624784ed090f36decb52eba58fa1b7fac","size":90953,"data":"","first_seen":"2025-09-29T04:26:24.328188Z","last_seen":"2025-09-29T04:26:24.328188Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-25T15:00:23.897412Z","times_seen":1799,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"2af2fe9f1ef81d259b4a2727bcac127a","sha1":"988354722be1ea5e987d6e94253ea49f74cc1893","sha256":"85996aebc1627fe46888ffa15e397c28366bec1d837a9a4c322296be88d105e4","sha512":"460c5dd79fa44ec613bb152c3d527c253ce6a9b6fcb45cf39461adee8909e5afc578ec04251bf7212d966ce873a14ef78539d71461bf544fef070472b0b882ee","ssdeep":"","tlshash":"ceb012d34c8970bc63508510f6333f27720b9539d8027080e9704254381404fd065941","size":97,"data":"","first_seen":"2025-03-15T21:10:47.670527Z","last_seen":"2026-03-22T08:51:48.858487Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"868cc7d5e2341d045438266a4123c35d","sha1":"cc0f72642183e95e6dbaea05b8dad53e6dfa289f","sha256":"ce06291ab5f4b5f76a8ccb4681ff2b1c20b423cf950fe03d841e3cb384090fc0","sha512":"2a857816e92fe9f5340c140c293f779b79d5921c0ba139afe841c50354edd9b4648c753d8fb842a695803d459b0bdab60537019c575ba6afed85130fee90bc16","ssdeep":"","tlshash":"59b012d9049770745b5153606f36d77267584096cd675054c15dc04b3907dcf94a9602","size":109,"data":"","first_seen":"2025-03-15T21:10:47.661377Z","last_seen":"2026-03-22T08:51:48.854535Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"564e5ef2fbfb8eee40398c263486f111","sha1":"6ddfda4c1f0ca9009615a36a4b87665abd3a5e9f","sha256":"14dcdb897055b8c10472e3892694435fd3179bd24a5b62463164ded0f9757a01","sha512":"3d119ca943e524b1c45e2b49c4238af480b52aed4ae3623d20e96ce53f8e92f5da6ee5b2df4c082bc95fbcaf0f9afdbd61192f265c3f27ed99c1410e829a16c5","ssdeep":"192:kP4QTgZeX6/jDA/BsLrPT61k1FkkH+6brs+JelwLPb6PdvF6c:kPGjOs761kLHbrf4wbWyc","tlshash":"d022a58f3d84e03589721cf0243f70d314aa9b5a21be5d4e9750acf87c717686879f9a","size":10120,"data":"","first_seen":"2025-09-29T04:00:15.120986Z","last_seen":"2025-09-29T04:26:24.283636Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/recaptcha/api.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.178.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a4e3c35bc300d581527e578fc0906ccc","sha1":"dcffeee70e292177e1096e90942553f4db9599cf","sha256":"523aa3b5dbd55cb310103e5883932ba2325dd1a97e448a673e3205cca142f630","sha512":"e5873fdab5e2290c17f1750f5686ca7294748d1869de6e8989142f1cd4497cff5bd15d317285f0239cd5d927a23f65ca938eb6bd49e97c815f08946bfc24c45d","ssdeep":"","tlshash":"51110e771714e0390b7209e1e5fecbb5e492701cf12845e8e946ded81e6accbce05989","size":1017,"data":"","first_seen":"2025-09-10T14:19:46.057703Z","last_seen":"2026-03-13T02:18:04.057274Z","times_seen":3551,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/dle_js.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bbf490f0b4b687079602ba8e4b5901a","sha1":"2a012c12b71fe17905fd716f07fb18e036b1583b","sha256":"e178fd236a39af9b4b75f8645650cc14dab23cede1bbe6ae29c48b0f40c9f0a5","sha512":"dd5b4fc4e711ed1edae199344a5e20b3d12fffbaba58bfd002724f6fc66114107c80666c6cbcd62a2289b65bcc95f749aa637340cf076d252307c8edd58f4384","ssdeep":"384:8kjpjti+yVCSHjbBzntcJp+ExLkvb5vPvJN5IvQnlQ8Z11ezlMWU:Vjpw+yVCSHjlztcJoExMNg21ezla","tlshash":"a0d2c71df0a57a2f07ff23ba25af545a90340b22bb004d49a92d93851d76e4dd2b3e3d","size":29127,"data":"","first_seen":"2023-03-14T06:05:07Z","last_seen":"2026-04-15T05:52:46.24505Z","times_seen":205,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/jquery.js?v=4.2","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"12b69d0ae6c6f0c42942ae6da2896e84","sha1":"d2cc8d43ce1c854b1172e42b1209502ad563db83","sha256":"6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f","sha512":"a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakV:AYh8eip3huuf6IidlrvakdtQ47GKl","tlshash":"e893f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89475,"data":"","first_seen":"2023-03-07T01:02:27Z","last_seen":"2026-04-25T14:23:46.292483Z","times_seen":15199,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6f4aaf3ce0269003fa22a3c58c798f9c","sha1":"0c44995fc174a1e9848894649655b73fcd60bac9","sha256":"59224f9158c566c751f8077805a2cf61c62a8e70dc5f6fe4fba4fa363caa6a6f","sha512":"c1eb7285c813898c77b45d69147235abdc351b8f1d3abdac8d6a7a39de03b58fb94c42661068d3af189efb013bf720ee2cc362f738e596a8a77e7521455e4bff","ssdeep":"","tlshash":"71d023bd2976c43051d4024b11b5e3ac2570316077156645c1c9cd6f7e11ed344b1658","size":217,"data":"","first_seen":"2025-09-29T04:26:24.343074Z","last_seen":"2025-09-29T04:26:24.343074Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"37b61fb62430e9969f49eba1c30fd903","sha1":"e04abbd07d7ba9f135088c0625257ee54f3eab81","sha256":"a52f65e06937963e341be8336440765f65b96abdce77b5e628a1305594961469","sha512":"d7a5826e9726a1ad1eea2eeafa2271d1532b396706733f648e3b654e541324f1ab4b2b4840b8f8cd8774afda507889434a26e9910c954562337ead4a554c77e8","ssdeep":"","tlshash":"d1b0129248c870fc0760ca80c9333725b617d95ed8c32441d66441283c1405fd4fd9b1","size":100,"data":"","first_seen":"2025-03-15T21:10:47.663817Z","last_seen":"2026-03-22T08:51:48.848564Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8eb535a27a1a7d66accfc8ce7daac7cd","sha1":"43d6ed7e36cb2580520fd0edab4fad81619202a8","sha256":"4b0bb385c1b4821737962c3e0a6e1c087783f6dd096c21e46e63a5051d4dee50","sha512":"d4047e2c8d53a9df0f7d392acc4629fe99abce9030c2ee680afd176d1b0590b05de84b164402c7559eb76af94f71dd0101e93fc28b570c61e9ea89429dd5305d","ssdeep":"","tlshash":"e211c0793b2a5534c9d6418b317eeba93d3260717b02a044c3adcc699d18e8714efdbe","size":902,"data":"","first_seen":"2025-09-29T04:26:24.458803Z","last_seen":"2025-09-29T04:26:24.458803Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"787d36560e9424ebeae8e800c73bf2ad","sha1":"59ced43406fd61c6a4f154acf26f4cce23779073","sha256":"7fdd2ba2c2306198b88f2518af0eb9b548dc50623897992e16e2d5edc90b82e9","sha512":"5ee7bd5da4fb8bb391881cd7429f485d21115a198bdc349613d496e95292861666d0439b784bb93c95dbeffdc1b732b01b53a7c3edfbea32435454027aa17dce","ssdeep":"","tlshash":"53b0129f256201482753b031453b6108707332af2448c7447808595a1f113ff2453ac9","size":101,"data":"","first_seen":"2025-09-29T04:26:24.469292Z","last_seen":"2025-09-29T04:26:24.469292Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3ca84c1b3ee845e14b5128d005822bb","sha1":"909308ab3f65b86db2b79fd3b537558d1c65fd72","sha256":"0599280c17c9e0904c8050be706cdc68b792c74279a7ce21b27174675555100b","sha512":"04ceac7b2936501c9ee5708f6a51548f03d15926d501a4134ffc7c34e5e6465d273ec05fdecb2b97262f872f99ddc8b68bfee56d43ead69844b06d0c1a1a272c","ssdeep":"192:wnxH1FqL/BwmshB1G5AL1+1O9QleU+dhacAZZaxbM+7vC:wYNwxG5ALsmgeU+d4cAZZioJ","tlshash":"4822c48f3d89e02595761df0643b70d711a98b2a20be5e5e9740ecf87c31768287df8a","size":10102,"data":"","first_seen":"2025-09-29T03:47:39.298829Z","last_seen":"2025-09-29T04:26:24.285811Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"09879f34312d66976412310a958c65a0","sha1":"5b9d83401ebd4d57e395771c9af9879b10f0ce03","sha256":"21585a9072857a67d7a0541dd8ec6f33dbacf46ecd0c7d9edd1750ccac9d8b49","sha512":"c578a53d9d439e37e848813b6c19e8ed32270b709acabeb3f13f092bfa8da2280899763f1df226c135e8e39805c85199db23ba22729557698b74701ecb265912","ssdeep":"","tlshash":"0eb012d24c9670bc0364e910e5333b3672069638cd026084d9704154381404fe068941","size":96,"data":"","first_seen":"2025-03-15T21:10:47.657882Z","last_seen":"2026-03-22T08:51:48.842115Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"79f0d4bc26f8a324b692a11ca6f5a482","sha1":"8d893277b4c30ea0c26eca24effb37915855a59f","sha256":"a6472e7288ea1a9113dc60a17235a5f059cfa5006fd3264b5853b13965740160","sha512":"aaccf3fbd21916284430855ccaa5c1ab32420016ca1a24866729e0daa3598169bf5e24febf84b1c0105f9afac5cb215812c9287f94ba5b8eed01d3b5ada9d259","ssdeep":"","tlshash":"5041220abbfa01007c6b30351bbf1104a276101be54aed237d4e17e45f8965d56fef5a","size":2095,"data":"","first_seen":"2025-09-24T16:24:04.275611Z","last_seen":"2025-09-29T04:26:24.489243Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/js/owl.carousel.min.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f416f9031fef25ae25ba9756e3eb6978","sha1":"e2a600e433df72b4cfde93d7880e3114917a3cbe","sha256":"a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d","sha512":"6cfb3b01eea956f84e4a221cc940a547bfead8e02c462a2fc38bc0917fb325bc374a101e7aa7b3ab9d11208708511abb39adb4ad6da7daaf9fc9704d714f65af","ssdeep":"768:UCI7dmuMFAAJG4dlQKNORpnXGAtep2lcwJeL+wr2RSGc7UuHjRUQuFBt33:PITMFC4dbMVRSGcgRDV","tlshash":"e7137346b3202d2a869b61a0663f160bb23a241ce414547d7d79e6de6d7dc8c213ffbc","size":44342,"data":"","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-25T15:48:41.109391Z","times_seen":51192,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b5c6ec2f974edb91c3d3d0141e672c7","sha1":"da8cab3f1ab14e393af407a273a0f88bd4164c17","sha256":"c3648d14eca047d00da8004c4d895abc323f6a27be9e315b57e37cf9d27c3fd4","sha512":"fd53fdf5cb57bfa2e0bee4b8008b9633d59014afae6c09ac5ab8d3ab5913dd4a201bb51a121c60f2690b581afc83ba4043e29a3e2d40b88b7a644643fac97e60","ssdeep":"192:v6ajQYzw5QgrIkw912ztBdzdVxaMpkXf14L/Jiv4BwLvo:SjOwFw9Sj5jpnNFOLvo","tlshash":"7c22b58b3d84e034c9721cf1242fb1cb1499ab5e11be0d0e6744e8f87c757a96879f9a","size":10027,"data":"","first_seen":"2025-09-29T04:22:51.689701Z","last_seen":"2025-09-29T04:26:24.271672Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-04-25T15:00:23.897412Z","times_seen":1799,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3ca84c1b3ee845e14b5128d005822bb","sha1":"909308ab3f65b86db2b79fd3b537558d1c65fd72","sha256":"0599280c17c9e0904c8050be706cdc68b792c74279a7ce21b27174675555100b","sha512":"04ceac7b2936501c9ee5708f6a51548f03d15926d501a4134ffc7c34e5e6465d273ec05fdecb2b97262f872f99ddc8b68bfee56d43ead69844b06d0c1a1a272c","ssdeep":"192:wnxH1FqL/BwmshB1G5AL1+1O9QleU+dhacAZZaxbM+7vC:wYNwxG5ALsmgeU+d4cAZZioJ","tlshash":"4822c48f3d89e02595761df0643b70d711a98b2a20be5e5e9740ecf87c31768287df8a","size":10102,"data":"","first_seen":"2025-09-29T03:47:39.298829Z","last_seen":"2025-09-29T04:26:24.285811Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"74830fb1db54e630db0854a51c996baa","sha1":"5e798c5bd06ae0c9a5d37f0581fcd202c2ab9214","sha256":"141f72b6e4c7a53d31622d87723567eb4a3cd4803794bafbac0c61603219511f","sha512":"6d4a7014c2cd3ad6a6dc28cfd09c10eb27d0828583bf1193634e6d93a61133595627f1ca52667fcc1d1259c943429e2f79e678eb5d1a405d2c15fe509c87218a","ssdeep":"","tlshash":"4ad0239d2975c83065a5024a2176e7943560217077a1b104c1dacc6fdf22dd354b255c","size":217,"data":"","first_seen":"2025-09-29T04:26:24.340366Z","last_seen":"2025-09-29T04:26:24.340366Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/custom.js?v=5","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"78b032a9487af32279dcdf4f59640816","sha1":"ec535565b35bdfb48589839a90b8b8ae0f7171fb","sha256":"521d281cedc317d6ea982458b58e1306cf768f4946676b2714b246de421f84fc","sha512":"113394694024586b431d711f411b1c9902b07411be281bef55c9456a63f2162fb72fbfac97603b0bfd07d0568433a9ac1212d7b3e9c090846503b1eb6e0e94bc","ssdeep":"","tlshash":"da510005739290e1503f50ab9f3b62546e29e84adb1bc5edf8bd4f801f0919eb81798f","size":2858,"data":"","first_seen":"2023-03-14T06:05:07Z","last_seen":"2026-04-10T05:18:50.586202Z","times_seen":204,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/style/owl.theme.default.min.css","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/style/owl.theme.default.min.css HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 331\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:17 GMT\r\netag: \"3f5-68c8fda5-bbc6103943ac2bf5;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O1NQ6ZDD%2Bhg81SvXrYv1VvXzivQQgDTWQzmdozl%2BKCqbzQllR88jgZpfxeEEmGlV5%2BVVXgZOYKw8zYnH%2B007V%2BA6l9QUtzN4JfR1wC4%3D\"}]}\r\ncf-ray: 9868b819689156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1013,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (846)","md5":"594b81805a98b267e47c70a8fad30d9f","sha1":"684d84ec40b305ca14efc88c91f12972cb6342b4","sha256":"924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac","sha512":"b0c5ed30d2f5cd1ce894760a12e8ccd80a822d447d1760b8ff4e5c75bc638cb491bcc40872210f090668fbe9e4ee0a3706d4ae2bd91f6bfb3e6b87f88b9a4b93","ssdeep":"","tlshash":"4d11abc5f189221d301781904aa842cb6b1e687e529d0ef5f8ee8160c22dd053a6fbf9","first_seen":"2023-04-05T06:03:14Z","last_seen":"2026-04-25T15:48:41.179186Z","times_seen":19754,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-75e5-63c7-bfdd-4c27.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-75e5-63c7-bfdd-4c27.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19948\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZMhvlBaAXUcsP4cI5N5WTZbg97dZpZnPtXeJL1F8VVrFjnIMjLJ05gMN4SwWe44UH3iEq1xSobRD3cUR7S5wxuhdkQNpslupTg9MtTw%3D\"}]}\r\ncf-ray: 9868b819689c56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"3cf1337f7476ab21d74a5c6ad4918d38","sha1":"534a54e747fe597f9cb0dafe6cb80fd9f94a9d53","sha256":"f2f4c9664df0881eed37d739d135983a7affd8aa2d6f40f73accc168dbc33392","sha512":"fe4ae6349d73c80a79ffb7215da066a2516ed4551dedd09b58116419954e6c3c15ac529815a546462ed030a9914c6f06d24b6c4c0e86051704c3d12ec80646d8","ssdeep":"384:GfzV8NpqO0NWeXoKz8lxY1YabmoNJLSCjlEEpJffi4/GzjPHj:GfzV8b0NWbKz8lxY2+XxE8r/Gzjr","tlshash":"a292e0bb94b742424fb2077bf5c6dc2217a31d59ec8269bb09b08a0cd858df89907999","first_seen":"2025-08-21T22:46:51.020876Z","last_seen":"2026-02-22T18:45:37.390222Z","times_seen":24,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-1613-e11f-cd80-4836.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-1613-e11f-cd80-4836.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19992\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5riAzX%2Bq34HUCv122cgEeRs6wnPVFLbgvaDasmmeHiOY%2FmUi0g0QUWJCr1pHehhmQUIgYeGhlwaAGZAlgQk9XKis2wUnlJaxCeWysUU%3D\"}]}\r\ncf-ray: 9868b81968b056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19992,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"59be83435d9e7cd397bc6c9849341ab0","sha1":"7ea059302462d81c0747ebbc62b3d761ffc3c00a","sha256":"59b29ca0955af71ebfe767cc3c883211adc53f1c7ed8df4364de3fda197cbd64","sha512":"1269f1407f80f4854373879e9866caa8a0c869aa129e9e4c1ac6727677c8a3a32f3b5a8a1bef63908c8c0d50e3976032fd7dd184e4fbe6bb4fa785d030fa6d23","ssdeep":"384:Gf7IsHrYz2lW1JuSLcbzkoj1V91syEslpt/GCpqaaLc405BRNC+:Gfss8myJuSwbB5//7qhYlBRNC+","tlshash":"4992e19751d5c4fa9f1f8239dbc1ac0e17e6070de5aa86b10701c6b7cb19db1e824f14","first_seen":"2025-06-01T04:50:53.010224Z","last_seen":"2025-09-29T04:26:24.26631Z","times_seen":33,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-a65e-bef9-7340-4470.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-a65e-bef9-7340-4470.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22900\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xmvywz4Meo3lJ%2Fwx5N2hE8I6XbWVMrGwcw6Qjlep1LNDBsFSKnscQ4dkY8DgbaI8FOUPb0N5EFlLchjYkzKnhOFuNr06cQB5koc2ADk%3D\"}]}\r\ncf-ray: 9868b81978d056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":22900,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"324e05fac96c9fa518cf262e4cd17923","sha1":"67533989043bb873edd5c38952a6f9d6ab4499ed","sha256":"87225e38c14a7c21c9e4c78e590e2d8bbd6e2fb4bb2547cc208ab38c8e554b35","sha512":"d6a16d80e417dc7713977e9d9a6637fc2b96824f0366bb6412876d38da85d9dfbad5cfa2c6c524ba72481e0a677d73e36d91d997174377370778a7fd7a73458f","ssdeep":"384:GfLXWmlnDBliRagHXwkL8FlLfeQ2tA1pOl6U6x7bLVwzzsjOuTV:Gfqm1Dew76/AfG6hx7b5wzzsjDB","tlshash":"2ba2d12c9a6a55e6fb9737c0928756ba286c33a50ce8f3ec148513fb5a01c78605c0fb","first_seen":"2025-09-29T04:26:24.26687Z","last_seen":"2025-09-29T04:26:24.26687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/jqueryui.js?v=2","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /engine/classes/js/jqueryui.js?v=2 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 60112\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:01:17 GMT\r\netag: \"3dee5-68c8fd2d-909a6eb322414206;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lCimCHKhRIIWHoJFyvRMNZVIR6WQBTYgVkdWkqbhjqCOOHzcpY7kl579Xr0kJCdM0Uqr7MQEPx1SIzEX6W%2FH5z1%2FRZyDLkSmJUPaW5U%3D\"}]}\r\ncf-ray: 9868b819d90a56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":253669,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32074)","md5":"c15b1008dec3c8967ea657a7bb4baaec","sha1":"78489e580adaef931e6e5b131dab556c397e4a1a","sha256":"28ce75d953678c4942df47a11707a15e3c756021cf89090e3e6aa7ad6b6971c3","sha512":"bada3d9a5433aece7d57020b70b89161e2ca3cf6d2fdb4fbd5d6bf38405813071d35493c8d8232f83d7be91628a29d436be7fd9af918ae68f93022d9584b50b8","ssdeep":"3072:FkHOJD1g7SV7opRBbDrtnAcKYvFJi/5PLO1aG0qF2/nwOW16j:q9/KvjOVlFYQ16j","tlshash":"1f44f74d72003a2296dbe2a5103b2a0fa237515da605805cb53dcedf9e7de4431bbfb9","first_seen":"2023-03-07T01:19:34Z","last_seen":"2026-04-25T15:26:20.1683Z","times_seen":18553,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-e681-9844-0f40-4763.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-e681-9844-0f40-4763.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21950\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ygrn5vfmNHXW0wi9SILNr7oC1xwwJ8%2FhIKi%2F5gnglvXxi3ldxt0dVL4ZT55FaHT19aeCWZ6wND4RQRDcGBWq%2BSoA2ZbwlI%2FvmOuWVnE%3D\"}]}\r\ncf-ray: 9868b81968a556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":21950,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"a3717369cd511e3aed8c320b58b55e82","sha1":"46bd07e2ae3eb7bf13fef6e1aca8f57e2b6a649d","sha256":"2c8c51635f3c5e202ceb6c76fd00d58ce494555f23ff2ce2a4335e54e04b83ea","sha512":"68158344201c66c8861ee97c36a44245ece44e7af68522c2c096f5b63d4fe3e26e681c461a92fe6d5a7206b1dfb034f931d07ee489c017b5f496cca7999dd71b","ssdeep":"384:GfhYX7MRky/G6QzkR2DAifTM/BaFPg4XTLwloCtIPNQKEZG2elUVpAo:Gfhkwk36Qwnifw/ag4XX0WNQKiGHlGpr","tlshash":"00a2d0b347138bdda116e2b50618df6410e74ec631d4eab4a2a4ea0a97c1cfc4f195e9","first_seen":"2025-07-05T18:20:15.986954Z","last_seen":"2025-09-29T04:26:24.268581Z","times_seen":24,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-d088-411c-78d3-4334.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-d088-411c-78d3-4334.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22149\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=63ke1utPbw0TOJc5h%2B%2FvfcFCUhSyLKwhsst0p8%2FwMIsQyszMA2BgfhJEQH1oeE5xmLeWrmhtI9JFGb%2FyE%2Fo2ICqU%2B3Pe6tVVlAd0PO4%3D\"}]}\r\ncf-ray: 9868b81978ca56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":22149,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f3844d5b2365fe177caae892c9ebdf0d","sha1":"0c00adaf9edcdcb3d0148d8fefb0406f3798439f","sha256":"a7fef07261c161367f8d10ce89b1c5da4f0e50288201049e4efb42dbe39b270d","sha512":"07c5e0c0ca56ccbbabcdc888e67b8f8e4d001b69822bf8783f046592a56e4e087c05c292aa7a6ecb3e0c644a5ceef51e96f075f87ad61586421029ae90338804","ssdeep":"384:GfOKD3kDYvTBMTSjUgEOvNOb3tRK+sZQOt8rr2cN0AxMXeGn8:GfOKDKaeejU79BsZd+rUAxieGn8","tlshash":"69a2e08b538914e37b1a6aa408d3b5785c4b0715bc5e76f30a5a01d9de8c8fa7d383ac","first_seen":"2025-09-29T04:26:24.26918Z","last_seen":"2025-09-29T04:26:24.26918Z","times_seen":1,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_clearance=KUVAgQRGF8GVMYMqUp1bg9U0EUcovdq_Ah9jTUF8hUY-1759119953-1.2.1.1-8lar0c6RH1.QPuwPJnPxv96N44P5A9W710UDdtWLy4flXMy5WSCDLceBrI7QbG.YY9bnfUu8RF6S_ePtzyftTXI06ffA85e.6W_jMivavuCDwLat6u8r1lxACu1fUbTKP5bTrGSFghwkXHoy3sZRPPU9Aq7El3bAwcMB669uZT7tGrlckH0jzy6mcEd8JdQbb8b809qIaFdLOJciqMQ4Wa.g9gjVYwhQxFUDb9RdhwI\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\nserver: cloudflare\r\ncf-ray: 9868b81b99a10731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10027,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/recaptcha/releases/44LqIOwVrGhp2lJ3fODa493O/recaptcha__en.js","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /recaptcha/releases/44LqIOwVrGhp2lJ3fODa493O/recaptcha__en.js HTTP/1.1\r\nHost: www.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha-scs\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups; report-to=\"recaptcha-scs\"\r\nreport-to: {\"group\":\"recaptcha-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/recaptcha-scs\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 348491\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 23 Sep 2025 00:51:12 GMT\r\nexpires: Wed, 23 Sep 2026 00:51:12 GMT\r\ncache-control: public, max-age=31536000\r\nage: 531281\r\nlast-modified: Mon, 08 Sep 2025 21:04:05 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":816459,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (561)","md5":"bd128ad96a567b8a7e60f5a619970583","sha1":"b27c85666c26ff0fd0fb1f484d0f4e8a7e0b028d","sha256":"2bbe0ef3ec01af823e6098cd82b3e6c178d597b1fc43d17bdd9b4ebdf0428c4c","sha512":"a50febeea294ca718cf274799605da240323d67c0c4aca1b96e40456a0bf5721284f819b0fe2e5dd561d81660c6af64e52d6188d6a10826396ea34f81f1c1176","ssdeep":"12288:3R2zVLB7OhPcbGIq0ni4HRzKTs2lvxIxQ:h2zVL0P0+01HRzSlpIS","tlshash":"b0054ada75127aa1d322f4f91073104da33e9565d86c582db1d9caf12eb0c0cb1baeb7","first_seen":"2025-09-09T11:33:28.978904Z","last_seen":"2026-04-24T23:53:25.712954Z","times_seen":15827,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":74,"dns":1,"connect":15,"send":0,"wait":15,"receive":59,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-79d5-9aab-6951-4366.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-79d5-9aab-6951-4366.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14893\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A7V%2BGMCfe1w9rv1aiYKfwOu22C27iJVwgR8ZSX8kFJYu975WR8CN80jelDGGYJFeWpRLxQiEU7y2oX6ckacYi%2Bek83UzQlhQoT1p%2Fos%3D\"}]}\r\ncf-ray: 9868b819689256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":14893,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"41a63c0bfe531756c2988a1292190815","sha1":"6a6872ca68073d25eb9a960094a9611817c193a1","sha256":"dd640d1be4da6564a421f1455b067db5276b78bbc6d123a4f413e5ba476edd08","sha512":"91c11b28a9bdcfde007a91d8c16444d071e1ab79106a767dd3da972dbb58361cdbd5144abf897c3f894c5215e58b55ffba05d30b1057d265cb204006deee2f63","ssdeep":"384:Gfz8LxZMZndsDvU5SyLL7rWMTxQLWqzP39sVylRQVBtwyqhE:Gf2MZndso5SyLnrFx1kP3Uy83kE","tlshash":"ff62cf8798151a0b1b679370bf075a84f2eacd2404d026b8995e4e798712fb8cb53fdb","first_seen":"2025-08-17T15:20:54.312394Z","last_seen":"2025-11-26T19:31:16.786651Z","times_seen":16,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cf_clearance=KUVAgQRGF8GVMYMqUp1bg9U0EUcovdq_Ah9jTUF8hUY-1759119953-1.2.1.1-8lar0c6RH1.QPuwPJnPxv96N44P5A9W710UDdtWLy4flXMy5WSCDLceBrI7QbG.YY9bnfUu8RF6S_ePtzyftTXI06ffA85e.6W_jMivavuCDwLat6u8r1lxACu1fUbTKP5bTrGSFghwkXHoy3sZRPPU9Aq7El3bAwcMB669uZT7tGrlckH0jzy6mcEd8JdQbb8b809qIaFdLOJciqMQ4Wa.g9gjVYwhQxFUDb9RdhwI\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\nserver: cloudflare\r\ncf-ray: 9868b81c09a40731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10027,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10027), with no line terminators","md5":"8b5c6ec2f974edb91c3d3d0141e672c7","sha1":"da8cab3f1ab14e393af407a273a0f88bd4164c17","sha256":"c3648d14eca047d00da8004c4d895abc323f6a27be9e315b57e37cf9d27c3fd4","sha512":"fd53fdf5cb57bfa2e0bee4b8008b9633d59014afae6c09ac5ab8d3ab5913dd4a201bb51a121c60f2690b581afc83ba4043e29a3e2d40b88b7a644643fac97e60","ssdeep":"192:v6ajQYzw5QgrIkw912ztBdzdVxaMpkXf14L/Jiv4BwLvo:SjOwFw9Sj5jpnNFOLvo","tlshash":"7c22b58b3d84e034c9721cf1242fb1cb1499ab5e11be0d0e6744e8f87c757a96879f9a","first_seen":"2025-09-29T04:22:51.689701Z","last_seen":"2025-09-29T04:26:24.271672Z","times_seen":2,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.396Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://neufneuf.space/\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Mon, 29 Sep 2025 05:13:49 GMT\r\nCache-Control: public\r\nVary: accept-encoding\r\nX-Frame-Options: DENY\r\nX-Content-Type-Options: nosniff\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cEAJlUIwSrHr%2FoBSpl9tqd3hTWbiDUuoz7LZHcTYPVq5K7XhlXCvnntrkYA04yI4WcAg0xzRpRCqnllRnpmg38NwCqhavhYofdAarQ%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 9868b803ba93b4fd-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-25T15:55:47.137478Z","times_seen":99882,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b8027a54b4fd","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.487Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b8027a54b4fd HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 11500\r\nOrigin: http://neufneuf.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://neufneuf.space/\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0; cf_clearance=IzYojDaEELb7CWcw8C7nO6RpYB883rZGvgySaSGYDgw-1759119949-1.2.1.1-_S9WY9.k83LBD6OnFjOiLbxOnCXNtrpWR2v8.pIFVbzA4gJrr_anT3H.wzs4dsXT9XHPvukHa1NUM9C0SvkuYfMchu3Uw.Su3TEv6e18WsjPxbYITCbz1hjMudnE8nrMbEqRZo5KqcERLhcQu75ie6kXGfm7ibIMlIiFmDhnbkBnwrma8_6TMbJ9CQwzCv9ZYAlsqg2PajPIZS1iVL0NG24Ka6bYjzwyE.7uZ5Mk7D4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nServer: cloudflare\r\nset-cookie: cf_clearance=qP2ogf1Vp1l_KOW8rmzxVlFNYD2HUrEngMYyVRVCMqs-1759119949-1.2.1.1-Zd8Sn8n7A8fVymaKl534tbsHzvVSrvPmRI1rPG2ZkQfLwckBpk6zXC6u8RWPOr7AKtRf8q6oMJZx1LMxQPoK5qHWn7mQFRCuzXLk5rrfHQavHwqt1z3AUZBwClccRCXaLIQhmZsE7pRGWPcAc2I8QSRaEW6ZofvJpnysu82twSswYazCZS9G4PW3LqgkbmHPoCvYgs6_KKDLj6SebAloFwDqaOS4JFg2LgTINzOFh1g; HttpOnly; SameSite=Strict; Path=/; Domain=neufneuf.space; Expires=Tue, 29 Sep 2026 04:25:49 GMT\r\nCF-RAY: 9868b8044d2a723c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/style/font-awesome.min.css","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/style/font-awesome.min.css HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 5632\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:17 GMT\r\netag: \"7917-68c8fda5-771a78ba890ead5b;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j03xUx%2FHgk3Wi7U%2FWgomkWff4JeqGNLUDZ0yvD01J9%2BLg3AcrjpGVxp5%2FVUeY5IAxVrY08g6HKafDPsCdZ0wa6M%2B34ZqaE8TELjo4Xs%3D\"}]}\r\ncf-ray: 9868b819688e56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":30999,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (30837)","md5":"008e0bb5ebfa7bc298a042f95944df25","sha1":"93897ebc560b38a1d2bff43c22dd6a3b7ee90c0c","sha256":"c4047043368afb4baf1aed25d358a5c2a333842a3b436b58491ab36aeee65b9d","sha512":"3f43f1a813b8188e7f8d296999491f99aff9010060f3e26b20ec32502fa76926361eda0644cdd20995661119206376c74516ea2a63ec4087fe88443aa3304022","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8E:wwlr+Klk3Yi+fwYUf2l8yQ/e9v3","tlshash":"b2d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T04:30:10Z","last_seen":"2026-04-25T16:06:21.361941Z","times_seen":32056,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-6797-c896-60a7-4b10.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-6797-c896-60a7-4b10.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26285\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iSQOC1IvZbasuhBprR0zfDdo11P4uUjKHXA6%2FlqGo4xtpD4vaoEcssMGihyEhf76AxPGtD2ZSqnSkH4hIn8LnXCNQeFLLU9agK86Scc%3D\"}]}\r\ncf-ray: 9868b819689956b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":26285,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"3b9812cc01853f14921428b84762ea28","sha1":"4b12ddc4f9ac9041f26bf3d2355e2456a38b0acd","sha256":"b13e74a2f172e6525512a5be57376832831fe930e3caf05b9967dcbf8aa0632a","sha512":"f59d6c4747bfedcb158944ab9d4078efd60903b1b1a40bc4fcf7826ff6f1b174fc6baa50c87b667dfcd6ff8d62b29bc658fecc8ca4785702f21bc1ed79b48f36","ssdeep":"768:GfuzOUDNYFFaB8Eu065QIiBX05R6Yu2bheWd4cj+/np7:I8dNY3mu06uBX0RxeWd4hp7","tlshash":"52c2e07dc59aa0531b970637d3af5ece088025fbe6e024b9342bbc9181abcb942d07d1","first_seen":"2025-09-06T12:30:17.491878Z","last_seen":"2026-02-22T18:45:37.419526Z","times_seen":16,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: application/javascript\r\nexpires: Mon, 29 Sep 2025 05:13:52 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FHS8wJV998GvTIxhWaVDYIlfM04a%2FOKTI3JQa4bHFTztteFX%2FGSLkbaZwpx04pg%2FQuXavJQGH9x2ToCnmkJRjZA8qSnmQTZNR2Yxu18%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9868b819a8f356b9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-25T15:55:47.137478Z","times_seen":99882,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/custom.js?v=5","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /engine/classes/js/custom.js?v=5 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 564\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:01:16 GMT\r\netag: \"b2a-68c8fd2c-bc75ebbbf7275197;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BKWrqnxyr3jageQEPBQktVLaL7pGlSuZvh9NgRHjQZnkV03wmI3e66mJ5rRJ4exfuF0e5z3jrZ5L2F3k%2FJuXw7VjmLIaCD6f1lSV2yc%3D\"}]}\r\ncf-ray: 9868b819d90856b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":2858,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"78b032a9487af32279dcdf4f59640816","sha1":"ec535565b35bdfb48589839a90b8b8ae0f7171fb","sha256":"521d281cedc317d6ea982458b58e1306cf768f4946676b2714b246de421f84fc","sha512":"113394694024586b431d711f411b1c9902b07411be281bef55c9456a63f2162fb72fbfac97603b0bfd07d0568433a9ac1212d7b3e9c090846503b1eb6e0e94bc","ssdeep":"","tlshash":"da510005739290e1503f50ab9f3b62546e29e84adb1bc5edf8bd4f801f0919eb81798f","first_seen":"2023-03-14T06:05:07Z","last_seen":"2026-04-10T05:18:50.586202Z","times_seen":204,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/style/owl.carousel.min.css?v=11","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/style/owl.carousel.min.css?v=11 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 881\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:17 GMT\r\netag: \"d7f-68c8fda5-54f0db17723fe2cb;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RA2xTs2FGElYCJs3Jpp%2FiyicR2E7KDPRZtGGKd4Wsgrx3FiB4Asrkdg6OorjY6R6gYJgsqq6dpjF6UkWwvVpbPnoxlx1aIy2bq06Ajg%3D\"}]}\r\ncf-ray: 9868b819689056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3455,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (3288)","md5":"7fa5013d360a7c9377b7516a46eb8223","sha1":"da84644fa14e61438e27050182c280b8b0bdcff1","sha256":"38e03e7dc781e887aaa70975aa0cab0ae5b5a06f8a1ebaa1694b2680c138bc45","sha512":"bde650543c22b524ab23963c5b9acb019b7f1247cfeeef64a2f4310c80b79c8d468830e53a2a53a2a5c91a7d79a3a9d2fe36c0ef52d723cd325e84605315d654","ssdeep":"","tlshash":"4661dbf5315a215f590f831219d81e86393dc842d8660a9a92fbd71487dae2d213ffcf","first_seen":"2023-05-11T06:10:11Z","last_seen":"2026-04-15T05:52:46.239875Z","times_seen":141,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-d930-b1b1-5813-4d9f.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-d930-b1b1-5813-4d9f.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21269\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q83kQoI2ttPKeco4UQ1Ojx7uY%2FM%2FCXq5dseD3mzxcIXEES7w94fLrcsUZrXPR3qD5gTlKX9PuYHzGF8BSPbfhuMwalDe2XOSYE1dqWU%3D\"}]}\r\ncf-ray: 9868b81968a656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21269,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"fc0158e5ac64b4b47408e9e66cd8ed83","sha1":"ac0bc33f52f2abf422feb273831cae86607adcaf","sha256":"d0613be9f36ad1f29631f6860b0f0d69e0588af4a0150db9849ff4f95b093d83","sha512":"73db92a3088bb5c70af05dd9fbbd21e69c1a749a87cecfcf916b31dcff262448e6ee66cfb2251641ea31703b42c401fa31b4531ad6bf5e07cf1734c53893a57d","ssdeep":"384:Gfq49QvaP1IsB/3oNBRJlLHxZeELbYVpz54nK/CObOvo1qzf2IiK3aAyf39VfZbT:GfqRv6IwmlLHHnbSwObOvoUzfTKAyf9T","tlshash":"72a2d096fbf6737daf7700296bb7fe854b8a4c925d715a38241189fb0361ef13020a08","first_seen":"2025-07-05T18:20:16.036658Z","last_seen":"2025-12-16T00:56:15.799757Z","times_seen":29,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-193b-4d5b-d7e3-4e37.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-193b-4d5b-d7e3-4e37.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21968\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nyOt0Q1afmW2yaN0fqgFNbk1LcZB8KzGGhJJ443XITKQa7P9Sns9jUpmtIAr4fP4Eewi92Jl6El02TRXPXn9xyWxbeyciAzyqvg5%2FkQ%3D\"}]}\r\ncf-ray: 9868b81968ae56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21968,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"1b627c489331fa5985900855eb1ac1d4","sha1":"07160f26c715793c168b5e507ae4fa5bedc0967c","sha256":"18d266c34cef860dc9885f46a2c77c9b1c902f87519a61af81b5c6d0f8194fea","sha512":"6d74ca7223663a589a749e40dd26fcda64579e910544458b6b7963c9e593d173dc5dc77b330dbcabb83c6586e3e92e5d55180850c48e42fe0f14c33f7f93cd09","ssdeep":"384:GffU0OVnQoBfQ399AQ4IAWVRvKJwYNfasgf/U+tvWtU9n+H85l3U:GffrOBQm/Q4IZQfasgf/nsC33k","tlshash":"66a2e1948d595880da5b4b76fd30c896539b007dc42cb2fe637e76b4c547cf28405acb","first_seen":"2025-06-01T04:50:53.061644Z","last_seen":"2025-09-29T04:26:24.275093Z","times_seen":33,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-4d10-5033-5f8e-46e8.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-4d10-5033-5f8e-46e8.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21876\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tRW8ise4vi1TCvpy06Jp4SCaCLGJcIhkuuog6pTrri1yrpI62gOZDTBZJSMb%2FKBP5Gh414lSb%2FMn3QR7%2BqrB8zKnTYksm4hYu47JRMk%3D\"}]}\r\ncf-ray: 9868b81978ba56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21876,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"eaa763c18d1cfeba35dcf008c8249b19","sha1":"4d491ca93a6b8a8e51f92135fba4bca3c0003393","sha256":"4e874aa8a8fff526d2ea9a0ac207cc9bad9e03167467b33865f111f7603b15fd","sha512":"e0b80056ff7f09c8592c4eabe1372d849177a8264b130699cf48ac2c81996a7eb47829c1ed016e566f77b81e836a2338d8d15d4e667401e21d9fbf51ce184772","ssdeep":"384:Gfon4YAp+CBkrEfEUje/GA3sCXwMNm2H1Yg+yg/92eTDSQ8Jg:Gfo4YApFBkrEflGG1ck2lRmD1Mg","tlshash":"b1a2c07ad217c4234324c7ec9b02ad1609a5fd3d73d19639df225e9a9c85fbcaa8c841","first_seen":"2025-09-29T04:26:24.275619Z","last_seen":"2025-09-29T04:26:24.275619Z","times_seen":1,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/images/logo.png","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/images/logo.png HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/templates/flemmixnew/style/styles.css?v=9.919999\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 9120\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:15 GMT\r\netag: \"23a0-68c8fda3-c42b2f7845761da0;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lICQk7oDtoWpmZnlAAeYd7ZZS0cgS6OUVojlDMoYx4ilx1jBwh8UBwGYD0jiAkrw9Z7UGGWaC%2F4f5%2Bv90pl4lM5IE1K2%2FjwnBG3FIzg%3D\"}]}\r\ncf-ray: 9868b81998dd56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9120,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 154, 8-bit/color RGBA, non-interlaced","md5":"ce5339a0a9c2a9463c06eb3e93e8a727","sha1":"ef155c848e7cea9b7ded7fa49acfadf582357a15","sha256":"63ed95e71352aa9d95b81d6e04fbad5063d8d4936049ce317d56f6eb0f8c13f6","sha512":"4d93382d40cbf229d27d2d9685bcb16bd47c05792e227c5a716a21a22a24357287479c8c27a4b7edbf6b3e0e82ce6a2f21627cb4a2a3ff57e4ee07289a234099","ssdeep":"192:u/79D3uBaFX6E9Up6QbBruwyH8/uFmJNBSTmw0SB6cDWPigO:uDtAuXllSuoJzoH0SB6cDWRO","tlshash":"1812af55fa802e57e66d1f3134df127ff5b710914aa44ed64a0f3a026ca53f10e019fa","first_seen":"2023-05-11T06:10:11Z","last_seen":"2026-04-15T05:52:46.243354Z","times_seen":218,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-602e-726a-20da-417d.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-602e-726a-20da-417d.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17827\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QPJgmeXgVp7VRzD47wvI8Y3sXG00LhUoH2E1kDkto53dtjLc83ICjq72rsACT63hrDmwIMJ%2B2pF4YYS%2Bx3r0m9OXlnLuJLX6Zz9ydqA%3D\"}]}\r\ncf-ray: 9868b819a8e856b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17827,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"ce7bdea1c8e8c23512cf9cab2e440ae6","sha1":"6c664ab92785d07a627bda40e690757d84f83fd7","sha256":"e08847af47c86677daeccbd3abcd53e0cb2fae352732f28253322b9c4e4dab8f","sha512":"88cc0cfb484de34e050e629f6920f567d331dfc2b09b6d1e9d7688b1109eb876d0f273e2dcaa298031ad86e091790a8d2b2c04a4ac492db6e5568f7f2567f56f","ssdeep":"384:GfxwBCznmJ6layOtVlRaATsGoM3Ivkq3y09Eq/867W3ia0fOfgOzR:GfGrJKayOtVCzPmIvkoy06q/8JP0fwR","tlshash":"a982c08555accd3a5723d2e03a49dd8d507aca430e6cf4327874ac27e732cf86a2e9c4","first_seen":"2025-09-24T16:24:04.251161Z","last_seen":"2026-04-10T05:18:50.62662Z","times_seen":44,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-4ee0-8fab-fc89-4726.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-4ee0-8fab-fc89-4726.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20608\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y4yYJ2f5cI%2FBUlCBm8YdsaxWyaMDHjq8U0d0ukGFQX5sIfKufzgq53lnOk42Vj9PoqQS2DKLbfTZ1N4os%2FiHgKM8OuD3cT%2FlepAgDbI%3D\"}]}\r\ncf-ray: 9868b819689e56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":20608,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"bb4531e6d630a64fc362490e2b230f2b","sha1":"c3e7d6802a8e843ac903c2942a0614a40311bf3c","sha256":"356bb892ee4529eea6079afaa4f88357d90ee628e4ba8f1848d4af56b6ba34d7","sha512":"d5a87cdbc65d307c75420629ec40037ca82c2bc7529d6ba85883f48ab6651f4b3470d72e1c94c3ba3208173b6151443f1ed5b0c4cf228ac6f1033400453734a3","ssdeep":"384:Gfywxf8vJYy+PsMsmQDAVI6xPXp31TumDJ7byakfY+v6zaaRQJ/4Az+xb2:GfLQGwAVlxxFdJ7OS+v6zauqgA+xq","tlshash":"3092d098782791326f1e32c075c27d5da1fe92a2a87bbd324bb16104909cd3e798d9cd","first_seen":"2025-08-17T15:20:54.30587Z","last_seen":"2026-02-22T18:45:37.391494Z","times_seen":26,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-fa42-d8f8-a871-4d0b.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-fa42-d8f8-a871-4d0b.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16046\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q61v0UI5ZYTQQGTJiahWywRgnKnT2vsNiwKEsJvKf85m3AgXyCI%2BHV2tqkjXoHuutF7Sopb%2FHfGDPrilsv%2BgQLiLdOerZoEpLkSG44E%3D\"}]}\r\ncf-ray: 9868b819689f56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16046,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"afb312f7b492b10d7540a0ceb382517b","sha1":"08feda2fd836496d75e6804d1b2e748154de7ee8","sha256":"9901c2a1c5337512f5766350eebdd441d98b4e415afed0217776111fb0eac160","sha512":"d86571486412af5a39c516445ef1c5084237ef81602a77597b5fd1a6d048c0ea7811634827b5d8cc5a70766faffdc64472574ec19abc2d75630a527c8f5913d9","ssdeep":"384:GfLvfalAxWDJyK/SldHTI6ST+BtunPzF22PMl2e8kDsgAm:GfLvSGQdyK/SlZT4Wtun7F9owW","tlshash":"8572c04dcfec81dbef9b638598d425a58825240cac6ad3703c9690938b27ff4ebdd584","first_seen":"2025-07-12T01:14:54.635683Z","last_seen":"2026-02-22T18:45:37.434807Z","times_seen":29,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-0596-df7b-5b46-40c1.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-0596-df7b-5b46-40c1.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17056\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OThPgp%2BaFR9QxOYWfmUWpIOL4AeuWn6ZkjRzYaYUBBIUanVM7X9pJbNQwNB6TON6qBKPzeykGKjjF9IXH9Xa8bxJeEvUpEeSzZQdCRg%3D\"}]}\r\ncf-ray: 9868b819a8e756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17056,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality\", baseline, precision 8, 250x345, components 3","md5":"74ba918bb46db1fc4cd082464dea6667","sha1":"c1f1985888c76a57b8f4493ed0fb7d67b889fc31","sha256":"7d3d10e1b1f3dfac72804e8b9c4381ddb4e7b5dea925b0953e2d9af5179b60c7","sha512":"659d4de2d017a11f83007dbb079b4129746e3b7d3f52cbde8c92dda3501ee5c3056a9d05584305ff8611db370f8c304f1b3c9b4623f7be41381499182fee21b3","ssdeep":"384:GX9JQKtpp5fjlaFafHlE9RaJEMwFfUVfzprMdu/D/hPiYSIChbmUBkRn/c:GX9JQqDfjlnfFebF6MSDJPiYpCSu","tlshash":"8572e058dfc23350d38f9d3056f4b899da8e985d5851fefb5115b02a8f2beb4a6c8220","first_seen":"2025-08-11T03:12:30.349345Z","last_seen":"2026-04-10T05:18:50.62397Z","times_seen":80,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-437d-1894-77f2-430b.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-437d-1894-77f2-430b.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 24204\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SF4iP5wmVpIM1JOdTkJIVIicAnGf7%2BMIiOpwI4RhTJb9I69IPQkn44hvPpRw2sfTsM67EqbNxPZCVLnc%2BNtcLVkfAVUgISN%2BAcoBRGk%3D\"}]}\r\ncf-ray: 9868b819a8eb56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":24204,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"1d196825255dad287be3e39b83aa83cf","sha1":"227432fe8f07a473d4d311c1e206d9c4abe88c97","sha256":"ca57b5f7ac5d3df39563d98dcd7e5ceb251b77fc0320c6bb8c5ee94755fc69e3","sha512":"4dc72f04dc506c4784aae79ce984e14181349a38857fff44512c418faa4db87bd9afd5671a56aa03c62c4360e634510c916b1a0a57b88cefd49de6832f3843d2","ssdeep":"384:GfBwDiuAoEi7xiD+fnYqNEy+Hfh/nyQNqfTjnhYGqVnzJrxuoXUcmdbG+ynJtRO7:GfyWk7xiCnNNEyqfFW4FMlcgG5nPtO1t","tlshash":"76b2d12dedf2014def3e9d249895a4c1a1f29dc0add89fb6ba144a6000e2d3cd6c7569","first_seen":"2024-12-22T07:00:00.288287Z","last_seen":"2025-11-15T19:32:09.449994Z","times_seen":78,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b818282156b9","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b818282156b9 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12079\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nCookie: cf_clearance=KUVAgQRGF8GVMYMqUp1bg9U0EUcovdq_Ah9jTUF8hUY-1759119953-1.2.1.1-8lar0c6RH1.QPuwPJnPxv96N44P5A9W710UDdtWLy4flXMy5WSCDLceBrI7QbG.YY9bnfUu8RF6S_ePtzyftTXI06ffA85e.6W_jMivavuCDwLat6u8r1lxACu1fUbTKP5bTrGSFghwkXHoy3sZRPPU9Aq7El3bAwcMB669uZT7tGrlckH0jzy6mcEd8JdQbb8b809qIaFdLOJciqMQ4Wa.g9gjVYwhQxFUDb9RdhwI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-length: 0\r\nset-cookie: cf_clearance=hpzKIborXh7XnWY5wk.XtMlHjvwKcT7lItQ_KHDPTBc-1759119953-1.2.1.1-Jc0vdNg6yYxixm_fsxZ0P61.S7NrncNaXNQ9Fr0poy4jNBnihub6DeAmtzWa9U8ym7pubO2NDpghNe6T7r98IErM6oc8D1AQYkyNHRDi7NTk1dugPk2nmMiqTxWxMExfP7ZT2tj4r6N7YatiijjSglIbtX8FFs3HQaepejsrFr9o.YH6_7jEPFYBJzqRZpRtzOS_qREiSAswS8aKuRaz8aNvgx1_ibjomRWcQdQacD8; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=flemmix.monster; Expires=Tue, 29 Sep 2026 04:25:53 GMT\r\nserver: cloudflare\r\ncf-ray: 9868b81c49a90731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-b34b-9817-ad25-4f3a.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-b34b-9817-ad25-4f3a.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KZ5LfD%2BP0%2B%2Bf1zX3iKUEGu%2BAA%2FJMeeZZbEReQ24kFLT5QJW62S8U8K2uAakpiuyvj8TNxbOuaXIlA91JdnTsHJvMhXkQvhaIc0JVd28%3D\"}]}\r\ncf-ray: 9868b81978bf56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":19985,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"986172c8e63ef259dc622aaec4cc3045","sha1":"77bda93c8e327e3dc099e9b569e6a76081f4c7c6","sha256":"a60756375576a192549af74dd8024840473d0f69da5bcd6e25d8257dfe706172","sha512":"8bfe3c5e0fd17951cd07005fb85681398317f5aeda9668d30df0f747278db4fd01709f4be4c18be17e6f401513ce39555196797af6800c412d635401775e4c69","ssdeep":"384:Gfon0fa5149GDJPpsbUAUMmLHQ1Hb+DZhMFzpUnErrKDSyttPDyh4m:GfV6nXsRUt817IhYzpUMmDjRDXm","tlshash":"e092d0d7e03655310720cf38eee3253337a545a33a1c39ad4645dda83a28ff9652d06a","first_seen":"2025-09-24T16:24:04.255678Z","last_seen":"2025-09-29T04:26:24.280699Z","times_seen":2,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-c72f-8a76-988c-45b9.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-c72f-8a76-988c-45b9.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18328\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QY%2BEm%2Bmde3NOcUGdP9I%2B%2F7IUsft00bcYCSTo%2BOAauyDEa2TODlzBgwhmTrfPL9HItzspRlabmO0RXp5mmXp6jTaG5p5VpvaQtVGNfxY%3D\"}]}\r\ncf-ray: 9868b81978d156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18328,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"30945e765b85b6ce663f8781a9855506","sha1":"d7fa75f3c4bdd7e6f833d297ac413b09463a5799","sha256":"472f0aef921142ccff96df5a8f7ad32f2de8ba99c34f2293e61dc09d44286e01","sha512":"16d69436f7bd4d3bb610bb5bbd9f93d5e04b6e79f94827f884188c8861b70c90a2bffe466e42de7400e443a4cac8de134b5ccd088f141cd6c6bbd67ab86bd0c0","ssdeep":"384:Gf6XFPbcwZj/KfQ+f+fg+mS4VsshaXsfJ08JAxM7IFg3EyGFt5ytggjN7aOpTQZ:Gf6xbcwJo+KVC8fJbiK8Fg3ERDytTjNm","tlshash":"fd82bf8a9ec98e971fd3fc5662079776909c8acc3600ab35e921c16574e5c38d42ca6f","first_seen":"2025-09-29T04:26:24.281685Z","last_seen":"2025-09-29T04:26:24.281685Z","times_seen":1,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-0920-3686-7b7c-4cd1.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-0920-3686-7b7c-4cd1.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16308\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SHzukUYWaqIv2vcneGDsGT0TRdIq12cUL2Tka9cg%2FprdUcIxRObssQOCtt2qI%2BkG7avPUCbVN2c5BPkQj7MHT1%2BSzYUcBD3G3n4wdNk%3D\"}]}\r\ncf-ray: 9868b819a8e556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":16308,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f386d12b4d5298884581b31ec72ea56d","sha1":"ab1db7e590a00943da5261fdfed81c3bb35387d5","sha256":"0ea72dc844ef7b6b0e5b54465369b721c5eb7d93a9d0ef31482daed4397c6000","sha512":"fb480d302ada43c3018ab214366301bfa4dc02e978c5c53385014ec75b1e1c6bf60000dbaf909d09dc0ac8df155dddf36c53f8411aecc9284d108c7359f54ae1","ssdeep":"384:GfbGQErgBqHeDIb4oLd632WXiCTFpt8rzAdBZutBI54TivC:GfZWgBgeDIMoIjTN8n6ZutjT1","tlshash":"3172c19e134a99a4e7cd2d5c5396da70712dc2c9b8d4343503b21be2bd1fc7c84d5a8e","first_seen":"2025-07-05T18:20:16.000675Z","last_seen":"2026-04-10T05:18:50.64018Z","times_seen":91,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9868b81a091c56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10120,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10120), with no line terminators","md5":"564e5ef2fbfb8eee40398c263486f111","sha1":"6ddfda4c1f0ca9009615a36a4b87665abd3a5e9f","sha256":"14dcdb897055b8c10472e3892694435fd3179bd24a5b62463164ded0f9757a01","sha512":"3d119ca943e524b1c45e2b49c4238af480b52aed4ae3623d20e96ce53f8e92f5da6ee5b2df4c082bc95fbcaf0f9afdbd61192f265c3f27ed99c1410e829a16c5","ssdeep":"192:kP4QTgZeX6/jDA/BsLrPT61k1FkkH+6brs+JelwLPb6PdvF6c:kPGjOs761kLHbrf4wbWyc","tlshash":"d022a58f3d84e03589721cf0243f70d314aa9b5a21be5d4e9750acf87c717686879f9a","first_seen":"2025-09-29T04:00:15.120986Z","last_seen":"2025-09-29T04:26:24.283636Z","times_seen":2,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-3454-aa4b-1f69-4ad5.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-3454-aa4b-1f69-4ad5.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 11098\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yBnYs9%2FNvblCRxG4uSkUiYEm%2FGzL9jpHuDJGbbpMa12%2BX5aLS0jx2hGwlNZ8Q1lLOzrRYC4LLmuUqs2LHtKD5A4ArwjoZFPsH0ySvZg%3D\"}]}\r\ncf-ray: 9868b81978c456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11098,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"0297df06c5d9ab6af87b26539783f4c5","sha1":"a20f49b0e18ff0c7136389102954677a93fca80b","sha256":"1f37ef0372d79c2bd9e0dc157c5655edc43cf3301abfff654aa414f2616ce525","sha512":"5a79f21ce60b46674ac5f78f7d36ceea6cb4eaebdf156ae888a84749deb56f56ea529ff21a835edb57a59fa442b85cff7adde2b9bd3415d5dee5ec813ed462e3","ssdeep":"192:GQSIu6kUDosyaPKJ6FsepxFw2Zn/takG+1ig2hkyfMMOhDzY04zHui+UPdXPKK:GfakuK4FZpPw2Btq6FLMMgvR+OXT","tlshash":"5932cf37c69899059fd50aa0fc7b1b3b66fb8bf41cf012740a4228bde161e60516b5ce","first_seen":"2025-09-29T04:26:24.284193Z","last_seen":"2025-09-29T04:26:24.284193Z","times_seen":1,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bunkersparring.shop/gd/42662?md=eyJhIjo5NTQ1LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiJodHRwOi8vbmV1Zm5ldWYuc3BhY2UvIiwicSI6Imh0dHBzOi8vZmxlbW1peC5tb25zdGVyLyIsImgiOjkzMjYsImwiOiJlbi1VUyIsInQiOjAsInoiOjk0MTgsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoidGY2eDRzbG93ODcxcTJyIiwibyI6dHJ1ZSwibSI6MTc1OTExOTk1MzA4OCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyZmxlbW1peCUyMC0lMjBGbGVtbWl4JTIwT25saW5lJTIwU2FucyUyMFB1YmxpY2l0JUMzJUE5JTIwU3RyZWFtaW5nJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=wRsUqusYvVunHqj-RE13vA\u0026pr=Kkme4XgEMH..VcV0rdPRSA","fqdn":"bunkersparring.shop","domain":"bunkersparring.shop","tld":"shop"},"ip":{"addr":"23.109.170.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkersparring.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 00:53:21 GMT","end":"Tue, 23 Dec 2025 00:53:20 GMT"},"fingerprint":{"sha1":"D4:1F:24:AA:9C:8A:98:1D:7A:D9:5C:BA:16:C8:5C:DB:CF:AD:7C:14","sha256":"5F:E1:2A:F5:32:CD:96:E1:97:E9:3C:53:8A:AF:11:E6:59:FA:A7:BC:EA:E9:82:89:8B:97:0D:C0:96:DD:95:ED"}}},"request":{"raw":"OPTIONS /gd/42662?md=eyJhIjo5NTQ1LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiJodHRwOi8vbmV1Zm5ldWYuc3BhY2UvIiwicSI6Imh0dHBzOi8vZmxlbW1peC5tb25zdGVyLyIsImgiOjkzMjYsImwiOiJlbi1VUyIsInQiOjAsInoiOjk0MTgsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoidGY2eDRzbG93ODcxcTJyIiwibyI6dHJ1ZSwibSI6MTc1OTExOTk1MzA4OCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyZmxlbW1peCUyMC0lMjBGbGVtbWl4JTIwT25saW5lJTIwU2FucyUyMFB1YmxpY2l0JUMzJUE5JTIwU3RyZWFtaW5nJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=wRsUqusYvVunHqj-RE13vA\u0026pr=Kkme4XgEMH..VcV0rdPRSA HTTP/1.1\r\nHost: bunkersparring.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://flemmix.monster/\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-04-25T15:00:23.833236Z","times_seen":1558,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":39,"dns":1,"connect":20,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.425Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 9868b803ecb3723c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10102,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10102), with no line terminators","md5":"e3ca84c1b3ee845e14b5128d005822bb","sha1":"909308ab3f65b86db2b79fd3b537558d1c65fd72","sha256":"0599280c17c9e0904c8050be706cdc68b792c74279a7ce21b27174675555100b","sha512":"04ceac7b2936501c9ee5708f6a51548f03d15926d501a4134ffc7c34e5e6465d273ec05fdecb2b97262f872f99ddc8b68bfee56d43ead69844b06d0c1a1a272c","ssdeep":"192:wnxH1FqL/BwmshB1G5AL1+1O9QleU+dhacAZZaxbM+7vC:wYNwxG5ALsmgeU+d4cAZZioJ","tlshash":"4822c48f3d89e02595761df0643b70d711a98b2a20be5e5e9740ecf87c31768287df8a","first_seen":"2025-09-29T03:47:39.298829Z","last_seen":"2025-09-29T04:26:24.285811Z","times_seen":2,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-a988-3a3b-996a-4125.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-a988-3a3b-996a-4125.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 24061\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0jFtxd6oiT3QTNrg0IWR2dKYdgjEPcr6K2%2FvpT7lDB3Gm9Zw9Nef%2FmAPpIVLqnl3LNUNz98%2Bbv1p%2Fo8rq%2FdlvZV42FQNk5fNw0N6YOI%3D\"}]}\r\ncf-ray: 9868b81968a056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24061,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"340139dbb8dad188ff8be48ab8c85393","sha1":"39c7f40bddb5a3a331710dc639f383077bf267e5","sha256":"c73935e781c81e1a1b79afbaa92b3077d9d5dbef0e586fe78ad7293231e7b186","sha512":"63792dfdad269e7893cd1815ca1e5d72c8347a17b3dbd73624b7e8f89d3a1cd5c7970b63a4d7727cb743abaf340d8243e51459a53b00b71a0f905cf2d432351d","ssdeep":"384:GfpHjVbfgygIGU/OtDnoW67YV5vFGu+naiJ8Ffidd+nehmPqe51e6Xg8c70PQhO9:GfpjVgyglU7XkV3Gja08FfsaIoqeQCIw","tlshash":"3cb2e0499bba0be8cf13f264be276e1807dd124a75cef47e8787b19c8442c3b4844939","first_seen":"2025-08-17T15:20:54.300904Z","last_seen":"2026-01-28T03:21:31.631258Z","times_seen":22,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-63a3-c677-fec6-4f6c.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-63a3-c677-fec6-4f6c.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T%2BERPC3vJdXuVurFy6qptl3twWORMESQNWcGFF1qapE%2Fy02doxomU0TWSwXOP2%2BrkpJjvfc2wCBO0WoTAVZ3yxdwDZ954sBYalJ0%2FmE%3D\"}]}\r\ncf-ray: 9868b81968a856b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":13360,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"c883b82bd7e5bbed5e4b1220d95f3470","sha1":"8d427abb6cd5f47c1a3590760306065cbd656412","sha256":"63a17d59355df9cce94f58599d119fd6367c7f40d24273edf5bfc0edd190aa98","sha512":"048c19e6b859e8cfdbb52c936d030cd7e571c8a9a24eb4a549c226e1aca86c255af6f21d32fabd89f42d07ae49eb4431c5857f71ef2c203d5b37d22a60757673","ssdeep":"384:GfotU6dKzLpKY7RFeUAF4nuFZJBj4Us5T+3YUV:GfoqMApKsDNAF426N5HC","tlshash":"8152c0afd1c07cfaaf6751b2459a39781185891b81c38b3d2de10f394864cbe8b99518","first_seen":"2025-06-19T04:59:07.729732Z","last_seen":"2025-11-20T02:38:04.216899Z","times_seen":28,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-5b08-8935-ffab-4498.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-5b08-8935-ffab-4498.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 27643\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vWsfCxd1JWBI9xsgrrQocCU%2FpJ6Pk%2Fdg0oACwhwfjJGKKaB46pFy2zNJ%2BK6tKs7FFUVu1%2BtkSGB8680lv3M57WGPhZEIVSJv5rYIDoA%3D\"}]}\r\ncf-ray: 9868b81968ac56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":27643,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"62805c38a52b57d0bc7ab11471b2719e","sha1":"865aad11eb745992edf624c93a6334f5d4a93c98","sha256":"7d6165bbd3c68191528df0dd3c47c72ea5caf8e5a6c4793653bc401441ced852","sha512":"d7283d34b51817612fb70ca852602228d4d3066fd608a16ce1b3b3bd34d3c82df1431a0eeb76ae8341ae839bf48a6db918b1d6dc22980b6011492b28bf321fb7","ssdeep":"384:GfVXqz6dR1hFknmFDBgbQ2HNuA6PVC3JUJxPtvYR5Z6hyGzzXq7K+tWvqWkKQIY:GfV9drMnmFDS5tWlLPtvwpWGXtWyV8Y","tlshash":"4dc2f1a8a4fb7131a7e73145e6733c4f6451fea58c15f4304aeca3b1a09b972b58dc09","first_seen":"2025-01-01T05:33:21.387815Z","last_seen":"2025-11-08T11:37:13.966467Z","times_seen":46,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-719b-532b-0a82-4fa4.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-719b-532b-0a82-4fa4.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20099\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Skw2XTkVfUlODwrkloUcVLBfsydvS4IykTvFKgiB9GqXAczlTlOMoj3sBoPJnvG4MQun7cnkWkm9b6nq1%2BcyKrEmj4YKi%2FvpzAEW%2FXE%3D\"}]}\r\ncf-ray: 9868b81978d256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20099,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"862d8d493ea98da7f4103ef9fef70139","sha1":"b4c527a92643dae594a3747a35a582445ffdceb6","sha256":"5e83bdb213de152670daf59f471d7e927b007fa402465c0a7b39c8963a0d1312","sha512":"929cb259d033aa33824a49efe9af314f055ff673fa02e536742a6bdc95b88bf9026756b7e49d35404ccc61085e0ae03036c52825be8434090205c01edfc4116a","ssdeep":"384:GfzyoctmDVLoQILhwy5mBcLQbB1kBrPbzncUijvCgNgv0H:Gf2Bh3iB1kNKbgsH","tlshash":"6f92d14704055291c7e466a3d931621d975be9efadb13b3eef50ce83ad17cfd6842808","first_seen":"2025-09-29T04:26:24.288738Z","last_seen":"2025-09-29T04:26:24.288738Z","times_seen":1,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bunkersparring.shop/gd/42662?md=eyJhIjo5NTQ1LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiJodHRwOi8vbmV1Zm5ldWYuc3BhY2UvIiwicSI6Imh0dHBzOi8vZmxlbW1peC5tb25zdGVyLyIsImgiOjkzMjYsImwiOiJlbi1VUyIsInQiOjAsInoiOjk0MTgsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoidGY2eDRzbG93ODcxcTJyIiwibyI6dHJ1ZSwibSI6MTc1OTExOTk1MzA4OCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyZmxlbW1peCUyMC0lMjBGbGVtbWl4JTIwT25saW5lJTIwU2FucyUyMFB1YmxpY2l0JUMzJUE5JTIwU3RyZWFtaW5nJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=wRsUqusYvVunHqj-RE13vA\u0026pr=Kkme4XgEMH..VcV0rdPRSA","fqdn":"bunkersparring.shop","domain":"bunkersparring.shop","tld":"shop"},"ip":{"addr":"23.109.170.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkersparring.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 24 Sep 2025 00:53:21 GMT","end":"Tue, 23 Dec 2025 00:53:20 GMT"},"fingerprint":{"sha1":"D4:1F:24:AA:9C:8A:98:1D:7A:D9:5C:BA:16:C8:5C:DB:CF:AD:7C:14","sha256":"5F:E1:2A:F5:32:CD:96:E1:97:E9:3C:53:8A:AF:11:E6:59:FA:A7:BC:EA:E9:82:89:8B:97:0D:C0:96:DD:95:ED"}}},"request":{"raw":"POST /gd/42662?md=eyJhIjo5NTQ1LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiJodHRwOi8vbmV1Zm5ldWYuc3BhY2UvIiwicSI6Imh0dHBzOi8vZmxlbW1peC5tb25zdGVyLyIsImgiOjkzMjYsImwiOiJlbi1VUyIsInQiOjAsInoiOjk0MTgsImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoidGY2eDRzbG93ODcxcTJyIiwibyI6dHJ1ZSwibSI6MTc1OTExOTk1MzA4OCwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyZmxlbW1peCUyMC0lMjBGbGVtbWl4JTIwT25saW5lJTIwU2FucyUyMFB1YmxpY2l0JUMzJUE5JTIwU3RyZWFtaW5nJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjMyLCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=wRsUqusYvVunHqj-RE13vA\u0026pr=Kkme4XgEMH..VcV0rdPRSA HTTP/1.1\r\nHost: bunkersparring.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://flemmix.monster/\r\nContent-Type: application/json\r\nContent-Length: 82\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: application/json\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":752,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2ddaea0ca8cbca7ac16a95f8d411a937","sha1":"d6a77bf914e85f0a0500f9f96b26e185f314f1bd","sha256":"86ff126d70f3e5360870214017b15cb87d7be9f3ff3574a0f2faa985744d805d","sha512":"1fe470b4b76dfe5c7d781ae528bbe747b04313e5d758571884356a56e58aac30cb006095d10642ff547e1228905302972a023a993c594b0bf82e19dbebf32c84","ssdeep":"","tlshash":"f9016ac7646f704b478094970f7f994585b62ca353449dcc78759e58036b49c72097bb","first_seen":"2025-09-29T04:26:24.289686Z","last_seen":"2025-09-29T04:26:24.289686Z","times_seen":1,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":5,"connect":20,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-02dc-8b69-5820-4e71.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-02dc-8b69-5820-4e71.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19403\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TbU0nqatuViPyjzsDsx4S7GnwXfe1%2F%2BZImleQd7jvC95Di7UtfT40WkIs4byd7jL93orTu4CNRElGLtf1mMi5M32MGqNaCyOiwUiooY%3D\"}]}\r\ncf-ray: 9868b81978bb56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19403,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"bea806cfa0f3e2e5f5e5972c8b24f53f","sha1":"168c1b7f7ab5f4b2d9cebf55140c4508a8d78b99","sha256":"71e66908c15908b85119bbaae5fe433e9593d87370c67199e80ebbbbae9d344e","sha512":"93c22dbad557d089b3de5a1561613ea4cda36f0a25fe1ebeb48702aaf875224b1ad5210ccfcb8926da9325a73c59f3ed1859ed6e69d4c412c8c2ba340fc2288c","ssdeep":"384:Gf6rGVL/MRmqO1ywf8OMFJzgI1RVRJtw0ETKwxm4ME0iJU7J0M7:Gf6aVTiQyU87zgIt/+0kKwNZ1JiJn7","tlshash":"5892e1164f0716833b784a64db7f4601db2d40d3dc61aeb472956ffa935def421b108a","first_seen":"2025-09-24T16:24:04.238464Z","last_seen":"2025-09-29T04:26:24.290786Z","times_seen":2,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/recaptcha/api.js","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.178.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:37:54 GMT","end":"Mon, 01 Dec 2025 08:37:53 GMT"},"fingerprint":{"sha1":"28:1C:E7:95:EC:8D:32:9E:63:9A:72:B2:8D:47:E5:13:F7:CA:5E:18","sha256":"52:99:CC:AA:BC:C4:15:12:9C:2B:FA:D7:97:2A:C4:D3:7D:B0:5C:E0:02:26:3C:8D:B2:4B:BE:89:1A:70:D6:31"}}},"request":{"raw":"GET /recaptcha/api.js HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nexpires: Mon, 29 Sep 2025 04:25:53 GMT\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncache-control: private, max-age=300\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_38fac9d5b82543fc4729580d18ff2d3d\"\r\nreport-to: {\"group\":\"coop_38fac9d5b82543fc4729580d18ff2d3d\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d\"}]}\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1017,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1017), with no line terminators","md5":"a4e3c35bc300d581527e578fc0906ccc","sha1":"dcffeee70e292177e1096e90942553f4db9599cf","sha256":"523aa3b5dbd55cb310103e5883932ba2325dd1a97e448a673e3205cca142f630","sha512":"e5873fdab5e2290c17f1750f5686ca7294748d1869de6e8989142f1cd4497cff5bd15d317285f0239cd5d927a23f65ca938eb6bd49e97c815f08946bfc24c45d","ssdeep":"","tlshash":"51110e771714e0390b7209e1e5fecbb5e492701cf12845e8e946ded81e6accbce05989","first_seen":"2025-09-10T14:19:46.057703Z","last_seen":"2026-03-13T02:18:04.057274Z","times_seen":3551,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":72,"dns":0,"connect":15,"send":0,"wait":34,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/js/owl.carousel.min.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/js/owl.carousel.min.js HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 10154\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:03:16 GMT\r\netag: \"ad36-68c8fda4-273639e577bfe821;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nzv30%2B%2BUJN%2B2Qc3OzcScBsrnZaVQBJDyaVjXvNbWkVZmTLcpM0Hk3pOWUYdubr18GAzfTYtLOdW1bIiZcIVMSKU%2FRP08oEUgc1JqjfQ%3D\"}]}\r\ncf-ray: 9868b819d90256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":44342,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"f416f9031fef25ae25ba9756e3eb6978","sha1":"e2a600e433df72b4cfde93d7880e3114917a3cbe","sha256":"a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d","sha512":"6cfb3b01eea956f84e4a221cc940a547bfead8e02c462a2fc38bc0917fb325bc374a101e7aa7b3ab9d11208708511abb39adb4ad6da7daaf9fc9704d714f65af","ssdeep":"768:UCI7dmuMFAAJG4dlQKNORpnXGAtep2lcwJeL+wr2RSGc7UuHjRUQuFBt33:PITMFC4dbMVRSGcgRDV","tlshash":"e7137346b3202d2a869b61a0663f160bb23a241ce414547d7d79e6de6d7dc8c213ffbc","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-25T15:48:41.109391Z","times_seen":51192,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/style/styles.css?v=9.919999","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/style/styles.css?v=9.919999 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 7059\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:17 GMT\r\netag: \"990a-68c8fda5-5fe07375efea2911;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lT60RpT5CVz6N7Km9Y3VoESuy8EIaz4MnfWqFSyeSWBn8c7smkIBjJEc0CRzOJsad%2Fz6eDyjibUyT%2B3vyrYnR4sBHwfZ8q4DQdAsMmk%3D\"}]}\r\ncf-ray: 9868b819688c56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":39178,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"Unicode text, UTF-8 text","md5":"4d2f1a991a7ede93a4440cd064b5bbfe","sha1":"91b823d4cefdf7103cd8e039e6ff6d10a4ff37e7","sha256":"10cc5d52a8534e2ab5919eefa868ec0a6aa80c26fd359d923f239dded9a2c105","sha512":"149bf5985d9c769760490bddd2c0dc3d6cb2fb0401a1067dbff05af554ee4f5cbf1a20ef41fc533d646dcb8257bef90288daa2ea23eda480262e4caf03a0b965","ssdeep":"768:LEm3VUWsnxcA5eCNpglR4eln3wWSQxGwGjOPfti+VHyCGxXEHw:LEmlUWkiA5eCNpglR4eh3wWNGjOXti+m","tlshash":"f5035826ab11188df11fa1eddea46ba5572b00a2af0f4eebf465343cd24d4d01572e8e","first_seen":"2025-05-11T09:20:24.778786Z","last_seen":"2026-04-10T05:18:50.580301Z","times_seen":106,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-2236-4a7e-2e4f-48de.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-2236-4a7e-2e4f-48de.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14620\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cNETqO5kiqWpV9kSTMoMelMX46Uy6zb67ksEgYy7TtLtYo2cZdbHLp8nIxtovVzsnt5pmKt59X2QcolGXk9v07Lvpg2wOApeWYV%2BOFw%3D\"}]}\r\ncf-ray: 9868b819689456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14620,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f1c12452a0e1347022be487ca62f1875","sha1":"320069d7561758db5b29d51e96a18d78bb05ac0d","sha256":"50a9aa3404cfb942a31f02c5e0cc5176358c7bc84400d1dcab5aca9f5707a00d","sha512":"89b70dafeba9cbaf78e64ae8d92880a108d4fd40c079fcd717cac926ddcb18a502b44251ab99a06c9bc493bdefce45cefce5c0b9ac57471a85f94c47535053e2","ssdeep":"384:Gf9xxEOLThDY9O494EbRN/5lsCSfrVoX0H:Gf9xxE+dDY9OBytSfW0H","tlshash":"1062c02717530650973b12c95f5f6bedc4fd728501a177385e798e2aa92acb2f0c6423","first_seen":"2025-09-16T09:41:21.346943Z","last_seen":"2025-09-29T04:26:24.293364Z","times_seen":3,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-3175-20d7-a7f6-4ebc.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-3175-20d7-a7f6-4ebc.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15885\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zade38uICYs5n0AC7kTkwu14XQh7aFK4yR2FqpJgqFLpe6dRcvjtYxNrIGThshi2bkIl%2BCCq%2BxOTNOZ04sQy16Zy3Nc2NkZQD3Wr568%3D\"}]}\r\ncf-ray: 9868b819689856b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15885,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"dc47c23ee5977a0d755ebf66788e0796","sha1":"4e827f074bb6c4d9cf51c943283249e37f0c5663","sha256":"9f56ecf873b7d4dbd93e9abd7d71eebfa9fad03408ec725fd5a54e09b95dea29","sha512":"2c205227b7f78e64d04f076c5ff6827d617a71fbba32c47be0a0ae5a4a923098494f75d0fb07d93fae5c693c52960dfb52a49aac187bb5430597a52f65126354","ssdeep":"384:GfeyryqQLeacOWML270DuSM6qId56NQo+kpqNKL4rXV9LOMz8m5gKS/GD:GfZYVX278ffD6NQo+kpJsrQm5gzeD","tlshash":"f462c02c9127315d9b0bcca15c503e65067fb628608b4cbfa719ae2adc14dbc9e177cd","first_seen":"2025-08-11T23:17:56.204858Z","last_seen":"2025-11-08T11:37:14.03874Z","times_seen":16,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-8d9a-fc7a-c5fa-40dd.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-8d9a-fc7a-c5fa-40dd.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15830\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zvPgQPSM1%2BqXPHBbV%2F2mJbhkSN1K2lOzvYSqyE7owLfczYYHcX2AvokzbQ6Z7%2F3ls2M4pG6BVnRYiP%2FnuP%2FMGwLHjH1ALCbqIyKRHBM%3D\"}]}\r\ncf-ray: 9868b81978b956b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15830,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"2da585f762a5d225007b461c956b160c","sha1":"2b465d9cf51b2b6a34660ac6e3c0e6c5113f211d","sha256":"3aff9d979fceb60e7edf47d09944df61d8ed29f58c5057d6de6f95a6f72b1957","sha512":"089a36000128dccedcab32d8841400f2060405a3084384f90239a8123c4e31011aa26499000f2a3121cc08048b95faccf0b97ff6e18d4bb9792e2861fda3f645","ssdeep":"384:GfNxIz2fnrhXCtfld+aSmmFaTOIrbXQs2p1C/0O:GfNxR/rQ5ld5SRF0fiL3O","tlshash":"8962d1f66dcfd08f0f7b86b6493626af4e8ac8d78e907af6335a0119960edb1454c004","first_seen":"2025-08-24T08:34:50.250542Z","last_seen":"2025-11-08T11:37:13.970674Z","times_seen":9,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-3408-a77e-323e-4de5.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-3408-a77e-323e-4de5.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25765\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NQPoF2UYUPGPkLgpBqFdazSjR9ho89C%2FbF7ftj3tLIuFjn1YS4Io7j6TM1dtfhhSVlgB6eIjxYfjLhSwROKjkgcCmV0lwg9j3Qo8OhI%3D\"}]}\r\ncf-ray: 9868b81978c256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":25765,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"37101531bcca2fb9f138462f5616a77b","sha1":"6324d5d25236ca2a83d80e6f05ff34308edcd3c7","sha256":"4166b0e79afcf71b015f0b30afa21a7279160b84d383aeb85d9ad3b63a843dcb","sha512":"8e3bc256fbaefba2fa95ed9019a8a0e005d13823f0aa1b155f603d72d26d5359ebd296919cf4174f89e3d29369bce59c1e3d4a3633d18411ffd38d1798ee4213","ssdeep":"768:GftHdPrujHtWlXqltDB9b1DTq7jqMKrCEp:It9CTt8XqlpTdqoxp","tlshash":"72c2e12ce4f152498fe4e574932b1f6b642d96ca1d88a4b7ee3b9b0e4d50fd0c345988","first_seen":"2025-09-29T04:26:24.295666Z","last_seen":"2025-09-29T04:26:24.295666Z","times_seen":1,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/images/vostfr.png","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/images/vostfr.png HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/templates/flemmixnew/style/styles.css?v=9.919999\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 1742\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:53 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:15 GMT\r\netag: \"6ce-68c8fda3-30f1322f9a6197e9;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370244\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SoDfVwHB38Wd7LLwRB8T7u7JpbRDZ3XNmIHSLWfu3D5y4q2GawXxFbKl44yu%2BaKrgNapsHc%2FDydo7tcJyA96zcoTz687hc1SkBTD9mg%3D\"}]}\r\ncf-ray: 9868b81998df56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 20, 8-bit/color RGBA, non-interlaced","md5":"9f14dc49caecb6f0a868f1ceaec98054","sha1":"b6889d8545f1ed88db534ea6f3ee8e4b232f0391","sha256":"af2d24e4bfe8d2d26d9517fe32a60df8a930e92886e2fcffe1c413985da763f7","sha512":"c55c8bc17995783b97bbf26c115841969405c919aa965776d12e106ec3679f34daddf47da9f20fc6fabedb0ff924af9a8db7c6dffae6e5a344c9d3e759c82528","ssdeep":"","tlshash":"01319949eed0610701ccf7d204daa07ba5a24c51ca907451e9c6c4295c7a2f9e569ccb","first_seen":"2023-07-14T23:04:53Z","last_seen":"2026-04-12T19:57:54.435021Z","times_seen":74,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/editor/css/default.css","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /engine/editor/css/default.css HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 590\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:01:28 GMT\r\netag: \"9ab-68c8fd38-2f3d728c13bf5b14;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HGKOguGJGh3JaT%2FvuldIHWBMCphUCeYR3Z8%2FvYDs%2B58l%2BtATGngdw16hdgWPyVApFALw7Eytq80XNbZA%2BvvVhzxc90uwpEpuILrzpVI%3D\"}]}\r\ncf-ray: 9868b819a8f156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":2475,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"cc21ca877727f912ec1076a5532d0b6b","sha1":"afbec861ea4317a0572a5d8cc5ee97cb0aced57d","sha256":"f55a11baf33fb17425e40acd9266d2277424db4e0ae3bf3c703418de8b13101d","sha512":"a066f2ae2e5816939774fb220564e998cb797d50b0abcaf811e284ee3c14e8fa4db822e09ba18e6a7c3df36a267442c53fd69c641339ff61561a9f5a3870d9b5","ssdeep":"","tlshash":"4451d0f679e54904ba60c05428857b343bab8363ca0fdcfd5be1665ccbc939645f2a60","first_seen":"2023-04-08T01:38:55Z","last_seen":"2026-04-25T10:54:44.476354Z","times_seen":1216,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-be24-e631-7923-4cd6.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-be24-e631-7923-4cd6.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23491\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pT%2BKkyTnP%2F17NJN5pJOFrtNVd1DgdZuw6NSowMb2pszLf0pgf1rHb%2BPUvC%2F45SRmj%2B8WpaBtvUoy%2FszNwEHd5FomK2mYGz20gZemRlQ%3D\"}]}\r\ncf-ray: 9868b81968b456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23491,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"0b52631773e7c3f4ba917ef0593ebf76","sha1":"f582faaa4f1ebf9d5d2020443de3cad5c72636bb","sha256":"7d55d507661dcfa062a151842d90ef40f69d24294a42caa8fcc7ad9074ef788c","sha512":"af9f41283c0d37984c15063c06f1432788c8eb878e7bdd6b1a34006116ace12df5ae90613825ea7e4b2949a459118bb534cffb0e7b802969f09c3e7c851b231f","ssdeep":"384:Gf5kYEof13qcwMMKJcc7zYWQZcSyMK+mw7MTXjJo830SQuY:Gf5kof8cwpW4WQz/mIIXjJ3s","tlshash":"d8b2d14fb08b8ba99b5534c3a14304bd0be9e4132531ebf28a839376f560d79c12e5dd","first_seen":"2025-06-01T04:50:52.980872Z","last_seen":"2025-09-29T04:26:24.298033Z","times_seen":33,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-7f66-511c-2b54-475a.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-7f66-511c-2b54-475a.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22295\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=08YDDBJvFbY%2Fx8ZilcfRvO3XQTjsv5%2FDAVHxLDffhPkz%2BllPt7ZghwT8mRwqEEwY4rP5um8oRvf9%2FAMwFhxw4JF5gDxCS5zT3DQU%2Fls%3D\"}]}\r\ncf-ray: 9868b819a8e356b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22295,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"12e35f1531b239359712a2076591132c","sha1":"4a0dbae9119f1eaaf68e869737bdf74cc6897a48","sha256":"2b480df80122e7aa570c196b775be6cc6e4ee9de867b50f03c6832d282580fb7","sha512":"eede16d56f678fd4541552a2073940e54aebbda8c678d44cd883125120d3a369ce957270461dc6b804ba6f4283f05981595db15324f49d5d5b21fe846077fd14","ssdeep":"384:GfXFSXoqPoNXyP+gpsUf34XW65aYH82BmWwdr4iNc6XyMisD/mpVTIftRKZkFMsF:GfXsYrXyP/sC34XW60YcIjriNZC5E/SY","tlshash":"f7a2d184d3df5dd5ef1d42684b216e2aa0918d129a4d4fbe8452fe982140cb8e37db49","first_seen":"2023-05-11T06:10:11Z","last_seen":"2025-11-15T19:32:09.42278Z","times_seen":161,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-length: 0\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9868b819f91756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10120,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-8b19-d458-dd4f-416d.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-8b19-d458-dd4f-416d.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eN4XKZwVNJDFGSHAydcKMcJ4aGknKqeeGajYzkUa%2FdfsIfSLH5mZn3arWtdoRfx%2BYI7I%2BBw%2BC3eGoPxnI6HkavEWBzweTItumnVgITs%3D\"}]}\r\ncf-ray: 9868b81978d456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":16813,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"ecc63986a0e74bf95531b2371beef595","sha1":"41f47fe581301f8cde5c163a1e0692eef34c1698","sha256":"182f60cd8b5e227a6d88c0f434887eb43b2abb34b9b389761d3ebd2a234f9c14","sha512":"45533b3c7db351e74b786cdaba96b690067168be2f5c036867677e3f724c5867c4b0059fd6c01c549dcf79984aec3a93927e76f7ee7aa4e6d2896e919801e2ed","ssdeep":"384:Gfu1pItQWWuuqh1LX5rqolFeSunqymVKz2xdsFOJCv:GfwpBWWuumRVfeXfGYcdFJc","tlshash":"3c72e01f6a8d21f16f1670d614ab42ede0d1a4636b1626f819521c3c07bfff9d842228","first_seen":"2025-09-29T04:26:24.299153Z","last_seen":"2025-09-29T04:26:24.299153Z","times_seen":1,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-09d7-cb63-6841-4472.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-09d7-cb63-6841-4472.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23084\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U%2BK1%2BftZjvc7Wf8HrWU5HAy%2BTzcxUZNE1kNKLfux4X7CZJz4KnTftSCpEAvI2V3EYngDoaaNsrsjTVaTPXpfKt3dMrZxUW8Nsc7YDl8%3D\"}]}\r\ncf-ray: 9868b819a8e456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23084,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality\", baseline, precision 8, 250x345, components 3","md5":"a9998a1b30320f7a6a09419de8cdf7c1","sha1":"9dd090170a53b3d07ef7961d5eb2c6aace755097","sha256":"8e3864c1822938dfaaf7570a895dce9db976e084e2466e621a977639ae7d5b40","sha512":"8ad65d8a7e5f7fe81dd8923effea945b8bc19162ecf44021c72c71e10770a1c6fa444deba25bfe367166c93d53339a605c7902bec837a40dd8b65a883814da24","ssdeep":"384:GXpR+2AzIZ4Ow2yUW33nRbPxef2Q8zAkwgTYpUmBjXopWRSAzo6r9SrTNy0ZGZDx:GXiIVyF35CDzcmBjX9SB6rGw0I1x","tlshash":"7ea2e09a224cec51ad9b3fc332da2f044d9a4c96e4751037a9d0f6d8faa4cb15e81c7d","first_seen":"2024-04-21T17:13:58Z","last_seen":"2026-04-10T05:18:50.550642Z","times_seen":197,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/images/favicon.png","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/images/favicon.png HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nCookie: cf_clearance=KUVAgQRGF8GVMYMqUp1bg9U0EUcovdq_Ah9jTUF8hUY-1759119953-1.2.1.1-8lar0c6RH1.QPuwPJnPxv96N44P5A9W710UDdtWLy4flXMy5WSCDLceBrI7QbG.YY9bnfUu8RF6S_ePtzyftTXI06ffA85e.6W_jMivavuCDwLat6u8r1lxACu1fUbTKP5bTrGSFghwkXHoy3sZRPPU9Aq7El3bAwcMB669uZT7tGrlckH0jzy6mcEd8JdQbb8b809qIaFdLOJciqMQ4Wa.g9gjVYwhQxFUDb9RdhwI\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 1697\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 23:00:08 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:14 GMT\r\netag: \"6a1-68c8fda2-4913fae143181e27;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 366629\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r%2BB2SJF990xkv%2FoQVsNjzF6qYNiN3zr9wSA5yvjukmQnWNuY5MbXZurExqlJBHn0ZejXyEy5qcv9G94Q4%2BDUCNdDp8QukVv%2FRGGW7m3CHA%3D%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9868b81ba9a20731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":1697,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"2a1aa382716498176dc8dbddb02b3362","sha1":"48670096694c27db5f0d3920e355f0de9d44860e","sha256":"7aeb371b2f5ee10632795488f6d7f87b6d62bc92a059c3b61362e313cff2c8e8","sha512":"05eb779f30b9b4515554458e6673fca18098cb05df4775acc6852893a69aa35f973df5a76354c8777c687152f038b769e55f46e78b7b04b8bb531e480068832c","ssdeep":"","tlshash":"fd31c824af501cd1b56de6641ce3c4276e270c81ab90f47abb9fc16254777f140725db","first_seen":"2023-05-11T06:10:11Z","last_seen":"2026-04-15T05:52:46.23777Z","times_seen":220,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b8027a54b4fd","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.461Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b8027a54b4fd HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 11500\r\nOrigin: http://neufneuf.space\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://neufneuf.space/\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: text/plain; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nServer: cloudflare\r\nset-cookie: cf_clearance=IzYojDaEELb7CWcw8C7nO6RpYB883rZGvgySaSGYDgw-1759119949-1.2.1.1-_S9WY9.k83LBD6OnFjOiLbxOnCXNtrpWR2v8.pIFVbzA4gJrr_anT3H.wzs4dsXT9XHPvukHa1NUM9C0SvkuYfMchu3Uw.Su3TEv6e18WsjPxbYITCbz1hjMudnE8nrMbEqRZo5KqcERLhcQu75ie6kXGfm7ibIMlIiFmDhnbkBnwrma8_6TMbJ9CQwzCv9ZYAlsqg2PajPIZS1iVL0NG24Ka6bYjzwyE.7uZ5Mk7D4; HttpOnly; SameSite=Strict; Path=/; Domain=neufneuf.space; Expires=Tue, 29 Sep 2026 04:25:49 GMT\r\nCF-RAY: 9868b8042d02723c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-e470-e175-872b-45bd.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-e470-e175-872b-45bd.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3kOEdi%2BXWs5WDQTI3tQsBNU1Pt6Oq7F5VOqg4F03bGtx2BRn1HimiuMtqi6r5q8uribLA7%2FO5UjE2u7u6DKuV4uyOMV8XkKaRlAP2jM%3D\"}]}\r\ncf-ray: 9868b81968b556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13152,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f8affdf8d4e29463d1afe23be69eda62","sha1":"c00e5f0cc8f7a2797c29921a37889915ca3ace1e","sha256":"e07405a1e51648707840704e98da03c3f32e438c9c36042d158823da5b9bb4d4","sha512":"99c0b3c867b85457dc4b165e36c3d739ceaa9cd3ae95136acd04d888bd3fd31b2caabe0ecbc26593e555d75d803bb11a116aa5fee42d054125f22e34136f149d","ssdeep":"192:GQS97oLOGlyizrYiaEdU6HUZz8bJH7uLX8cNiRXxWWzpu6U2xyFCsGJqmgijfeHx:GfYlyiz7Xq1ZqJwGzp3U20wRJleH5Ez+","tlshash":"6e42d017636453805faab16acb9526241d17ba382f56303d2e94f3ca67f1d7eca20218","first_seen":"2025-03-15T21:10:47.631251Z","last_seen":"2025-09-29T04:26:24.301264Z","times_seen":33,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-d545-feb0-7e26-4846.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-d545-feb0-7e26-4846.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17945\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cqUZGPa%2Bk0ZJVavxIexSIwi0GSmDTRjqSx7ML%2FC9PkLSZwohc4Ax6oEI%2FwIjRyvx5944M2ZX9DVq%2F4PQyo5rAOplHqwSUhQ%2BpaXXoQo%3D\"}]}\r\ncf-ray: 9868b81978c656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17945,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"5cfbd280d855b6db1ebbeda8301bfc3c","sha1":"a2bb5a8536a9a47f8d09512c6a7ea458f6bb62d0","sha256":"732ad7fe17f222b9617c159f1563fa96177b85123b6ce078f7401cdccfb46fc6","sha512":"cb3bfa3c39e0a2db8d6849f2c1116440cf116ddecbfc1fde0bc8901900e61aff7033141d292e3ae2dbee58106c868cecf8a89f69a6778c64a402fd4fb3e2f319","ssdeep":"384:GfDY0rHNyCIhrwaKikhGHm4rQzNN/qAZAGeDZA+:GfDzrHNyCIhkaKl4KNxWGe9X","tlshash":"4282d03b0c2e52195b2bd3e0ed1c344541f5361c263609b66233ebc6b2b3d76447c6b8","first_seen":"2025-09-29T04:26:24.301798Z","last_seen":"2025-09-29T04:26:24.301798Z","times_seen":1,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-fb07-d96b-f793-4af2.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-fb07-d96b-f793-4af2.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17271\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zGqWxNaL3tP5qVG9nDN3UuCay%2B6lHqPK3M9z0HynTEo75EXUUdy1wgHow9kJ8y%2BgotmwuXBx6qb43C%2Bq7B%2FejdjWhN5Mnh9pZBxIz54%3D\"}]}\r\ncf-ray: 9868b81998e256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17271,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"0c90a72a4cdadb55d3f70b439ccc2d3d","sha1":"08986e7d672af71d5f0bef6877184af34ea6d4fe","sha256":"d3be404d01a4dee85328f28b6e47f25c1cbd83f5e4d2a48aad6498bcdcb2d8e9","sha512":"987e5b5378815cb40491c9da3b061860925e58ef6b868a2e8281baf54575a5aeeb907fb65f4712fe351983f00e7a447c454da7e89055f833a24c7440ca4db8e9","ssdeep":"384:Gfdd0LK4cc09DF/OhEshVuC71u85o3XfNKqRiKRl3i/zUNsZKmh:GfgdcR5SDZ/5KXfN7RBl3qzasZT","tlshash":"a472c019ecd00470db84cf6363efa083c0142ad39aab4f7c05f56e567620dba6c6d2d6","first_seen":"2025-01-27T02:34:44.699702Z","last_seen":"2026-01-17T22:16:49.593027Z","times_seen":91,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-11ce-bbf9-2216-43e8.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-11ce-bbf9-2216-43e8.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19972\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mEbAkgecc36W50vEa3xHwz5BVA78x%2Bf45ZkV54gcTN2bt3I%2Fh0GRbNLCqB02D3k0pt4LkJSIRufvdLeWm6D7SMRwJtIzQ%2Bq8lWVAOrM%3D\"}]}\r\ncf-ray: 9868b819a8ee56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19972,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"c628faccaa665d4a8fd3a7fe11c41eb2","sha1":"e8204426c4748e7e10156c697f34fa39f3e67d13","sha256":"80c9defca8a74437cfb0a1f59f84e21cf7079bd88adea26a6692382da5fe0642","sha512":"51d64c12112b8dec275747fe12f8057ac40b67e986de84d260fe24e38c9b0d921e64560e369b8f68352f42d3125b3de179bdd453d085b61d141b7cb23f65f64b","ssdeep":"384:GfT4Y4TEkm5EPTYWWyKHP5IXXhjfD0WxyII73PeM0:GfT41Tdm5oYWWNP5IhjuIO3S","tlshash":"0292df1eeb058b21eb677d283a4211bfb9eaae8644e8a5f00730077176c1eb5163ac11","first_seen":"2025-08-05T10:28:21.106616Z","last_seen":"2026-04-10T05:18:50.666051Z","times_seen":81,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.406Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\nServer: cloudflare\r\nCF-RAY: 9868b803cc9c723c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10102,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":2,"dns":0,"connect":1,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.408Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\nServer: cloudflare\r\nCF-RAY: 9868b803cc9e723c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10102,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":1,"dns":0,"connect":1,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/favicon.ico","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.405Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://neufneuf.space/\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: BYPASS\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sY6tcLsvVA9NYVhEPhait8ErDKgdcTrWK2SJjNfOdiHllI7QFr3TedJK%2BWVxZGOmFyBJ5a43TfsRirc2tiZdSix2wjMXeFDiULYStA%3D%3D\"}]}\r\nContent-Encoding: gzip\r\nCF-RAY: 9868b803ca9ab4fd-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-04-25T15:53:16.944976Z","times_seen":120983,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-c3f8-c91f-7c18-4341.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-c3f8-c91f-7c18-4341.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18687\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FA0jAuvNLamLMj5H1omdlzz0smhQN3%2B%2FU9pCY2j%2B706YzVpeznirYm55fyNLu0MKIS%2BRD0FOE%2F9CI9HZbvjj6gOFuRnNGRll9ryVD%2FA%3D\"}]}\r\ncf-ray: 9868b819689d56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18687,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"eab8c126856616efd7b0b95a6c6e93e3","sha1":"d3323482fe695bec31a9e58f562cbf333a96b287","sha256":"a91e050f3422390a5bccf72a779d18ce6a60b7699141f7938a0a1e7e47ae3c18","sha512":"9a62624d05f2ed196f10eccc4b0ce34083d7e5f15858761b01c0cb020bd8c0f63a15918fdfecf056c1a77ac30d86c4c3833c24753b108156f40fd06f6614c586","ssdeep":"384:GfUxv8FK3KB7JEr3Hjrh6KlUZxLLbHpimDHGacK080vHDmgUtBmX:GfUxcK3KR6r3HllgxL/pBH1cKNwmgIu","tlshash":"9882d180c869526aaba012b1f14342be10547057787ce8fc99194c7f508bdf9eda3ba2","first_seen":"2025-06-01T04:50:52.953279Z","last_seen":"2026-02-22T18:45:37.420381Z","times_seen":39,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-bf6a-fbd5-a2b3-4cf1.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-bf6a-fbd5-a2b3-4cf1.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14927\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bd7vM6dRUJ%2BjLnFIBbQmaqrk1q%2BsvbLZkhvv7BPadr4X0wd6pRzWoSjq1sIPqNOmsi6niKQ50DEnjiqZj86ZIyC1ETp1tbG1wI3mLTc%3D\"}]}\r\ncf-ray: 9868b81978c056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14927,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"d10713bb5d1237c3be4b4928e0c886b2","sha1":"ef00886e32ffbf5406a8918bdf115716556f13e1","sha256":"54b5d62343c800098b5d1d2da8cbd758411c7eb960729c4e544f7572c755b57a","sha512":"e91e4fee184d9d3d6fe3a185d1842afbc1c359a5e496c9a71e37e95a7e698a72fec47d418cfba1be971a4a35a50f25bfc230774f71530419ba8df52cfc4378f6","ssdeep":"384:GfqAGjQx9T95ySlXPN3Tt4cTRiyvNpr1SVdXxd:Gfq78x9XdlUcFvAX/","tlshash":"6462d061b6e55362c747d211ed02f0f81e2dcd34f91667ba9194d6f2dc19eb181c0d82","first_seen":"2025-06-14T14:10:26.980334Z","last_seen":"2025-09-29T04:26:24.305619Z","times_seen":26,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-20a5-f1ba-9cc7-4dc3.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-20a5-f1ba-9cc7-4dc3.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14992\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=myjm%2FxRHyzVaFAjEpSc6%2FacCi509vE6AfvQFfJyDjC%2BAlNsIelM%2FQm%2F15TCXMniP9AKZVen6ZbrjrbnMh8j6TPhaTBL3m%2BKpgAeLicw%3D\"}]}\r\ncf-ray: 9868b81968a156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":14992,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"e8424d07adeca2b7ff965035f6e1f630","sha1":"f395eb008094f8d3b8bf94a7f70748e931d8ad8c","sha256":"683249d96e9efea7981177fa2d5e80edf40c4efe3c63f0096a531adabec2bcc9","sha512":"a1ffc3240ab8fb8d7740f7bbc678d1392b91a0a2f7350030a8e62af424b61ee740c1bb88215bf07da6c5dc62622fd1778033a7a259afdb1497ceae7340119013","ssdeep":"384:GfheaoRZd4HH9m9nXsHZxLY+OcDoInJPz:Gfoj6n9m4c+OcsInJPz","tlshash":"6062cf28b5697150bb96559b140bf84b617a30023c20b772b624db7a75cfef374a1970","first_seen":"2025-06-30T02:46:47.995716Z","last_seen":"2026-01-28T03:21:31.669827Z","times_seen":33,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-70ca-572f-5d59-4abb.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-70ca-572f-5d59-4abb.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 21695\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BESKYSDPO2UyGyXE8Nf4Q4FDllg8PW%2BMNesO0diQKW4cg2SnnQAbIkMSTQpTsm2kCTMe3wLZzD0J3%2BmzwsvnLUkiIt%2B8%2FQSMWKkfiXg%3D\"}]}\r\ncf-ray: 9868b81978b856b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":21695,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"a3f74bc7dd3d3c557b42633aa892ce42","sha1":"1dde5e7430745df2c8c6f28775b5a98527ef7560","sha256":"b501949608482644ef21e3f6c9412358493413eda17a0c25289d9afcd8496be9","sha512":"803b98ce3d9f04dd04bd32057f9adb7f4368921b2419dc16193932078c73b5ee46cf546fa9ae47081ad8152077d6525014228dc20a0f5a630ab927bba1638784","ssdeep":"384:Gfp+954unYQZr9f2wQIbBrVOwKNwl4t7DEj7bDRq0YIA3Tx/weHzS71SlNS:Gf0uyFQIdRWNwKt7DEj7GuUy1Us","tlshash":"e4a2d04d77ba5e18bb64092240735de7218df4807209977178c15eab2f62ffd0fa5316","first_seen":"2025-08-24T08:34:50.272287Z","last_seen":"2025-09-29T04:26:24.306713Z","times_seen":8,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thewsere.top/pntne","fqdn":"thewsere.top","domain":"thewsere.top","tld":"top"},"ip":{"addr":"212.117.186.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thewsere.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 20:24:46 GMT","end":"Thu, 18 Dec 2025 20:24:45 GMT"},"fingerprint":{"sha1":"B9:5D:7D:46:A7:5E:80:AE:8E:FB:9D:86:85:2D:F5:2F:37:93:CF:1F","sha256":"EE:B4:2F:8D:75:C8:45:74:48:95:CC:73:F5:84:A1:DA:E9:28:3A:A7:BD:C6:55:DF:22:75:35:E7:48:35:8D:4F"}}},"request":{"raw":"OPTIONS /pntne HTTP/1.1\r\nHost: thewsere.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://flemmix.monster/\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-04-25T15:00:23.833236Z","times_seen":1558,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":123,"dns":81,"connect":20,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fflemmix.monster","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"212.117.186.92","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 21:21:47 GMT","end":"Wed, 24 Dec 2025 21:21:46 GMT"},"fingerprint":{"sha1":"AB:7F:25:A4:47:EA:FD:C0:FD:04:9D:5B:DE:04:FB:AC:82:37:67:A1","sha256":"8C:B6:C9:8F:CE:4F:DB:23:24:8F:04:DB:40:06:BA:C3:2B:0E:91:55:37:A9:E1:FF:A6:E7:DF:7F:FE:FD:BB:65"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Fflemmix.monster HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://flemmix.monster/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: application/json\r\ncontent-length: 32\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: a97fa794a0f9=670d72f89a24bb06780753; expires=Sat, 01 Feb 2053 13:39:16 GMT; domain=wrathypenitis.help; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"685f1399ee1da6c45141250918318af0","sha1":"97324ef0c33d90d66ba5b87103180bad8898c11a","sha256":"29d7541436a6fb69b5e1d72d3000d282b794d868f61d0b2df85c99947d521e16","sha512":"c886da02b19bb516a0ee4f45160a7a709f049cdb81e02e21c06a8ba2d69b822c878af69bb19cd36533050a780bdfe1c13400249d1ef7fcd2726fc20c1b5bbe52","ssdeep":"","tlshash":"be8004141fdd001d45041c45c4d104030505305f41c00150301c1f41134000f50ddc33","first_seen":"2025-09-29T04:26:24.30726Z","last_seen":"2025-09-29T04:26:24.30726Z","times_seen":1,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":42,"connect":20,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-c9e8-460a-98bf-4698.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-c9e8-460a-98bf-4698.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20757\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FoV5wv%2Bc8ubtC115JNqyumGtxagWg6XkCfE1i0vff0ObvcixJG1BF4qCu0t6YTqP7txDaY%2FJYz2r5wXZv4bDWgfKGA4Vt8WaKNyqEIA%3D\"}]}\r\ncf-ray: 9868b81978c156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20757,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"583248bc18702da70c55a01402aa2618","sha1":"a3d160550ff35b3eab91958a64babda19ea76e03","sha256":"15b1c2867b043c609d885c1709681be99593a4bb16fdff04b06dbd0e9e90eadd","sha512":"4f34e0ab3c5f8bdd5f23a22e1fed86d79e5395eb36a687ee8ce1ef90cba3dd11c3bcf3c7d01f2e222144568799fdf3e6c65ecdd2c2c40195414dec2d4e61736f","ssdeep":"384:Gf4wEDwJ9KllLKA93tFQAJUvMgNCknBbLzKd5U8OjX7u3U2Dc+vhGl/GueJ:Gf43wJ9KlOqJU0gNJBnmd5cjX7uk2BhJ","tlshash":"bb92d10a94d58bdc8b655458908e489b0d4fde174a379970fc84243d5df0cf2eaaf3b9","first_seen":"2025-09-29T04:26:24.308317Z","last_seen":"2025-09-29T04:26:24.308317Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-3e11-518d-ee68-49be.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-3e11-518d-ee68-49be.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BvBHvRYJ0m6D%2FQGmyEBKO2Gdb%2FvHQlYiLlyU0rXmspry%2FBXMlHe3hFk4z5iaQ9t%2FNsLCm5T3r9eRmPsOcXr0i2BSaKJ%2BbdOmn1Pr70E%3D\"}]}\r\ncf-ray: 9868b81978cc56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15019,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"8239e000d35913635ef9dd022d1ae971","sha1":"857763980cd33f5605b3c1d8d00bc2e08704657a","sha256":"b21c96ed8608d415bf36c8e1b7c266762b48d7f509bf9bebd9bc74867b409864","sha512":"695a7877ed3e546e6ad92ce14a1d9c7071dbdeb19b97faf976c13ad61ccd6be0511034284028eab4c6b710ca0238ee28cb7fccb5bf42f4280d8143e9c7cf5b95","ssdeep":"384:GfI9hL08NnS8fa7zHGmU8pxRysHHHI4bvXAkCtMxrhefkO859VgUy:GfI9hzE2czH5DRBnTbfJBO859Q","tlshash":"8462c0be1c0add0013cd3be95b52c52d152d51723e64bf34a324e09ab6b1c3aa8b8d5b","first_seen":"2025-09-29T04:26:24.309339Z","last_seen":"2025-09-29T04:26:24.309339Z","times_seen":1,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-8c3d-cc0a-183b-4e40.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-8c3d-cc0a-183b-4e40.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16660\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Uy5lqF6gNryH3lPKTj2KtT9ft%2FdhMv4cz9PNv7MXv%2FRekWgcX8HSmE0wK5aCdFFjjMJya18bFRWXlHOuopj8675qMEoyU2gTk2vD2xg%3D\"}]}\r\ncf-ray: 9868b819a8ef56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":16660,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"3acf58b459688d6e01701463c570a589","sha1":"be79add0b2da0f86465ed496cfb584247799086a","sha256":"5bdff8178151045992a1f2515593bb02a8e991fc98ebfc8826ccdd144a98bf27","sha512":"6140c4ef0fca7db84f5f697c7727a30651ae22243a2dfbb8b9bfd12e81afa57b0a425ba3762ccd095404994fc459ac986edd3ce8d76dd99001574f70300bb0ea","ssdeep":"384:GfDRD7YwJRotg4pXMjZvEBbqaxATC8pZb/K7LveM0N4x:GfDmMom2MjZvEB9f8pZ7Mz4yx","tlshash":"7072bf662702bc6173fa8bfb774d1056806a3c0e6432f1a82e16ddb4afb0e78655cd5c","first_seen":"2025-08-11T03:12:30.355812Z","last_seen":"2025-11-15T19:32:09.450703Z","times_seen":41,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b818282156b9","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.9936750926767817:1759116286:F6xQCnpikQQGxJBeU1LG9jF4-yCK5TlKUybIaxb7otY/9868b818282156b9 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12079\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 0\r\nserver: cloudflare\r\nset-cookie: cf_clearance=KUVAgQRGF8GVMYMqUp1bg9U0EUcovdq_Ah9jTUF8hUY-1759119953-1.2.1.1-8lar0c6RH1.QPuwPJnPxv96N44P5A9W710UDdtWLy4flXMy5WSCDLceBrI7QbG.YY9bnfUu8RF6S_ePtzyftTXI06ffA85e.6W_jMivavuCDwLat6u8r1lxACu1fUbTKP5bTrGSFghwkXHoy3sZRPPU9Aq7El3bAwcMB669uZT7tGrlckH0jzy6mcEd8JdQbb8b809qIaFdLOJciqMQ4Wa.g9gjVYwhQxFUDb9RdhwI; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=flemmix.monster; Expires=Tue, 29 Sep 2026 04:25:53 GMT\r\ncf-ray: 9868b81a493156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-31ee-444e-2db1-46ab.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-31ee-444e-2db1-46ab.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12911\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ByNV3pzviQfJEpTYLaS0Lm8IsqZL4MEY8SitibmfrcSU3va9xJnAvFAvopOMSUrNm5ZhH6aTH0EdKCeic%2BweNhN7NyfqJGUkM2UyrSM%3D\"}]}\r\ncf-ray: 9868b81968a956b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12911,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"3466ca9922cd1c643b596e731eba0f99","sha1":"46bc8debd03d5330644a4834330c71d48230bc39","sha256":"57f3b82048b5c1b68331b6df903366e365a7eef53df1e38a6bc338ff5e834e06","sha512":"c5d1a2d38054d9073c989ed64e1766379c67d5922f4527022b18e32af95378bc91c62e178b1511c543fa9c02d0046e6a5dc3b15bd510cc8125cf7ca87c2ba927","ssdeep":"384:Gfs5EXtzHyX4ZtRsbrh1nFSgnsmLtr/i0pvo/5C:Gfs5SyEtRiXnFhRr/i0pv4C","tlshash":"6242c1871693d216cf1b69315bcdfe75c39ac1f1263566b30d0229cd852af38660e36e","first_seen":"2025-06-15T20:16:05.462819Z","last_seen":"2025-11-20T02:38:04.283248Z","times_seen":30,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-b6a4-ba56-7a7e-4649.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-b6a4-ba56-7a7e-4649.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16920\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LVmbBpUSzG%2F%2BGUf8ZI3%2BWtb3E%2B4tsHQlZJwXfqaSKx52elYrgCKlaB5IzR2XkFEDXxdJHwub48E6g2T2Mwju6u1FxBJ4mohO9mtwVW0%3D\"}]}\r\ncf-ray: 9868b81978b756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":16920,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"560e8bd11eb42c8d2b8390a46963cd75","sha1":"156521e64b095a6be74c53ea824ad0cf842f9587","sha256":"15ac15cf7bdaeb3ce368ec933c59122da58452d077c1c1212f2b030324b9c9a7","sha512":"9e6b2cc0c6696ca82208e26451d47e066afeea9f1b8091c7b9aa517e449bce7aab5f4e9b615722b282e6620487d9faa98ed0ce0fb3e721a72e28abd33b5e96ea","ssdeep":"384:GfLzfjH9lV33dLkEBqZT2F5/U/x2gMrVJO6/r9QdmzrXr7VlDBQg:GfL/H933JkW7+2gMrnXD2K59Bz","tlshash":"9872d0e87faca2f1533519990d4f11bb43e454d5a31268b1abc19efc81e8dbe303c961","first_seen":"2025-09-24T16:24:04.154393Z","last_seen":"2025-11-26T19:31:16.774579Z","times_seen":4,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js?","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://neufneuf.space/","date":"2025-09-29T04:25:49.424Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/5783333ceb22/main.js? HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 9868b803ecb2723c-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10102,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10102), with no line terminators","md5":"e3ca84c1b3ee845e14b5128d005822bb","sha1":"909308ab3f65b86db2b79fd3b537558d1c65fd72","sha256":"0599280c17c9e0904c8050be706cdc68b792c74279a7ce21b27174675555100b","sha512":"04ceac7b2936501c9ee5708f6a51548f03d15926d501a4134ffc7c34e5e6465d273ec05fdecb2b97262f872f99ddc8b68bfee56d43ead69844b06d0c1a1a272c","ssdeep":"192:wnxH1FqL/BwmshB1G5AL1+1O9QleU+dhacAZZaxbM+7vC:wYNwxG5ALsmgeU+d4cAZZioJ","tlshash":"4822c48f3d89e02595761df0643b70d711a98b2a20be5e5e9740ecf87c31768287df8a","first_seen":"2025-09-29T03:47:39.298829Z","last_seen":"2025-09-29T04:26:24.285811Z","times_seen":2,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-7f86-efa9-c8a4-4475.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-7f86-efa9-c8a4-4475.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QclmZ3XoLd6B7ak2ZZWmRLroThDE41hHbKHDgcmydYoLdKwgFikdAdw%2FYo23Z%2BNER2boc4rHodSorj2%2BAoDGRCzyap1w%2FGcNWk68p7Q%3D\"}]}\r\ncf-ray: 9868b81968ab56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19315,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f6e7d4dcc29653d718e366723898be32","sha1":"1adbabd6a5f1b95d47ab9d2bf454bda35ea4c04f","sha256":"53564a9d09f53bbaf9b05ec4b8ee70c132be1499c0b4dc93d74ecadf8fc1d630","sha512":"ad9d37cb3b8496fa2cb6ba37ad83d478fce54f34fa4f90affcd7cb67bb4bc27c292b69760fcbbc29a3cce1aa674b011b28d77bde65e1e1bfb93584ca3d33413a","ssdeep":"384:GfhpeaSLxZvO9GCNDIsGQKhen+DaCgUEG1VpgI7NnSwQJ50ML1pqF1U:GfhHSfvoG5sXDEa4ET4NSd5AU","tlshash":"4c82d0b8095940db234973ea0d1d3eab19f26e5a58b63c362c3842888788dfce49d2d5","first_seen":"2025-04-16T00:45:48.880348Z","last_seen":"2025-11-08T11:37:13.948456Z","times_seen":37,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-3f2f-d414-a458-44f5.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-3f2f-d414-a458-44f5.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15525\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=249%2B6rxTga%2FsF4gmTG9ov1YEDeZEyxlTuFz5thVmqBo%2FRr5R5NIpfmOpt0khCazCiwfCtNvmn7IhKjYnkiqII2Amke2jbZv8KbmmFwU%3D\"}]}\r\ncf-ray: 9868b81978be56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15525,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"b5b6d62d8ea0a88f976e63456eb71170","sha1":"e06bfa1a5c54cf2f849aa0fbbad61629c7af99e1","sha256":"9506fd32a1984d3b937a1ba3b6cbfe0780f55f0de827490a98854740bc963f27","sha512":"bb663f857bcb232602750ad49f797896caa6430e5f094da36df2ee95172e06e4cdd6abff41b6dc11e7f42f6b9dbd506b8bf09ba9e2a7f3489131222ce2260c8e","ssdeep":"384:GfdhmTL44kh5OflPC6RjqTWvBZRecP3ZWBOLZIYfN8E7+oBI:GfrmTnO5Of1J1qTWvvUkztBfN8QfI","tlshash":"df62c1c9030f5f58e7f1c2fd516af6e551170d9f98e4341e0b21b0e6b660e7e9a5510c","first_seen":"2025-08-28T04:32:01.866762Z","last_seen":"2025-09-29T04:26:24.313169Z","times_seen":5,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-04b7-fe28-9e95-49f4.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-04b7-fe28-9e95-49f4.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10498\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gkeofwzM0ItYiJbJiHgsdnDbWlOgD%2B41d6GwmJNZTIMrvoqvCqjelNAskHW8truPLndz3KXwBs3DYcbyMG7hWiNFUD7ZOTGYqoymhW8%3D\"}]}\r\ncf-ray: 9868b819689a56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10498,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"8b7183af0063f2983bcc5e25a8fdb171","sha1":"9b99ea73c2074ad4ac97d13d15979096294b2b82","sha256":"f027743b90c93c2eb6ba12e8284761c1d17243166d3b0af4453ae81bb1f8d518","sha512":"2c2c8714de062546584001879b7ec2e66584d134a6653fd3f32256facb112180a23fa8bce47de45c850a76ca4fe1c19922bea12f8f0b6f0250bd5992114e5fb5","ssdeep":"192:GQS60Gur1691ft/M9ewuwZY96W0b2eQNdBdDOdFVo21bzAgDPICA4G9r3:Gf60GurMTSIw7kj5e0tqdMinAoPInTr3","tlshash":"df229d1b9779f60493f158f629033f9e9289bd01f4986333a539266cf231c71aa1c67d","first_seen":"2025-09-16T09:41:21.396643Z","last_seen":"2025-12-19T09:42:00.36058Z","times_seen":9,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-a83e-d740-652a-4590.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-a83e-d740-652a-4590.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18621\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PCRINJPOES%2FQ94I1kndO%2BhXGQCd9blxfo6%2BjaKPYHtM5atsPGIxPjBzyhnn%2F2gF7HRoFTrL4%2FJ3iBHdD4amBZOpvF4iUv0PcdTww50Q%3D\"}]}\r\ncf-ray: 9868b81968a756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":18621,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f61f072f36740cd520fde79851d2b4d1","sha1":"9b221989807b0ca715c400a243a9c3e63506a318","sha256":"622e87fc8a44e26026273ae44f6c823d7ff4ecdcb0c20be2314ae5c130786500","sha512":"ea05379f7df0629d6e9f4091d0642fea4289006855cb979da4bc2a8a9dcf3f125958df3b5ecc21e62d12275d096db353f4771bc135b5264c117ef2c4fe658ece","ssdeep":"384:GfUe2L5WjNeaVsiVVaKudXEuPOhSB6I+N5Yk3czKu:GfD2EdsiVVaXpGhSUN5Hczb","tlshash":"3382bf21fe31d4242b8b0c79c140a2a73067aa7a36fec63bd944d635d146ef6861d9ce","first_seen":"2025-06-30T02:46:47.980546Z","last_seen":"2025-11-20T02:38:04.282397Z","times_seen":27,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/jquery.js?v=4.2","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /engine/classes/js/jquery.js?v=4.2 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 28020\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:01:17 GMT\r\netag: \"15d83-68c8fd2d-af4f8572e9969af4;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IrosECIRRsm1fgMxlIZ3NDJrmljL%2FSc%2FLwAG%2Fu30bQzzt4oy90mfv%2BIos%2Boiq1QctOAZcDQw%2FQ%2F5m0bDmhAXGTfFuuOdn2jSUuccBVI%3D\"}]}\r\ncf-ray: 9868b819d90c56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":89475,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"12b69d0ae6c6f0c42942ae6da2896e84","sha1":"d2cc8d43ce1c854b1172e42b1209502ad563db83","sha256":"6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f","sha512":"a55f55d56899ab440ef0cae17b28d5cc8f5b9766d1e9bc1a8ac6b89376924b476c1ab0c325497eb5d44af41f4ebf8eea236d87a36902244b8a3eca54994b8711","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakV:AYh8eip3huuf6IidlrvakdtQ47GKl","tlshash":"e893f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:27Z","last_seen":"2026-04-25T14:23:46.292483Z","times_seen":15199,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-29T04:25:52.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://neufneuf.space/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ihfKUwF0%2FsjF2qdVJ0BLiQqqMEM0Lag3vPLFEUoV4lqLUaTVAqaDQWi11IZ6Co0h3ylaqCMMYRJoxYQowwqFLsDQ1x4HVGjK8uMLBpg%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9868b818282156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"reCAPTCHA","description":"reCAPTCHA is a free service from Google that helps protect websites from spam and abuse.","website":"https://www.google.com/recaptcha/","common_platform_enumeration":"","icon":"reCAPTCHA.svg","categories":["Security"]}],"data":{"size":113968,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (585)","md5":"7aa955d1098f726a5a797353fc9396af","sha1":"d3e56cd0c6cc579260635abf03364d20ffac6f2c","sha256":"2b46be5321b0ea1cb3768b2116f7234b008d58595ea66988d9b96125a62505ba","sha512":"9909031674a92a367b30df298b8bd0083c71df9afa1c56e6acf7aa0826a885933783c6c76d5ace45fc4826e21636a093f0573c460b43f6dfc7d73afe57d4d8bd","ssdeep":"768:6I4Utmc1+ZuAMANlpYdBShiuqa3dfan38hClbj04CAYqtGaMYjMK4WE6NWmtEFb9:R3YZO4mh/N/E5Thp9FGw34ag4gx/2","tlshash":"62b3a632479c192b121762c91064771e70f78723e9635645f2ffb79daf82de0dc2a0aa","first_seen":"2025-09-29T04:26:24.316435Z","last_seen":"2025-09-29T04:26:24.316435Z","times_seen":1,"resource_available":false,"data":null}},"time_used":671,"timings":{"blocked":258,"dns":0,"connect":2,"send":0,"wait":155,"receive":0,"ssl":255},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-142c-2865-b73b-44dc.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-142c-2865-b73b-44dc.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=62Ofx%2FgdE5jv7FoU3wsIHjVJU4yse4k9hi1s3%2BkzVVWkj2q%2F65ezhdlsi2enqUgd5UeUzHVXJTT4cxRWgY4%2Fu6YQVRRZUBSVsFW05gE%3D\"}]}\r\ncf-ray: 9868b819689656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10370,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"58d4a51eed87d91e2e136c9dfb241522","sha1":"8627111b600d11d5df0a9292f9c484138ff7cff8","sha256":"c127df8d239e7ec332479ce567f853615ae269cf4ad2901846dbadeffbf354ee","sha512":"ccac77ace24fc03a7fb50cf4ac1888de64acbef5a63781bc7e820f8af7545884a305749c3b41f93579c6bac8e09e754c36c23f770e80aff5fd2a7fa9ceb8e333","ssdeep":"192:GQSzze6rXI3hKrUN9G8uwBNn4cbtg5O0H5zd3Xxzn239r2kB0v23B:GfnxMheqs8uEBpyd3hmr2R23B","tlshash":"1522bf593739b85cbf8609796c2d319bb1a7160468514af327832dbdcc99cb8934cb0c","first_seen":"2025-09-16T09:41:21.414201Z","last_seen":"2026-02-22T18:45:37.393904Z","times_seen":15,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"neufneuf.space/","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"172.67.180.124","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-29T04:25:49.192Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 29 Sep 2025 04:25:49 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:10:20 GMT\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y7Qwd1Ry9u6kPUTE07vFyRJAkjLfKXWu%2BCGdP%2F9Q42yhYR2lRCyeuktVDMoi%2F%2Bc3V8oEF7xAUsiP53HFflwEcc4Rt5JJj0jJxee0Tg%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: gzip\r\nCF-RAY: 9868b8027a54b4fd-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2680,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1068)","md5":"80cf945982a48cbc7b581dace158e677","sha1":"9a2479c9170c1cf759782b9a5be57233726779d9","sha256":"f9e5b8fcce2412124f7296953f21f1d6c1c305ea29a32c42bea0b56fb8987458","sha512":"725b16f8160a22b6ee74385fd1e3852804c8bc937a02a55f40bb0661a11986ba0d6a039a395b030e6eef5632e29a509baa7d91180c5ff4525d23de89400a8aff","ssdeep":"","tlshash":"735193676e130129b543906423faf7593372e013a60ac588b6cce4accf95fd68cdba5c","first_seen":"2025-09-29T04:26:24.318053Z","last_seen":"2025-09-29T04:26:24.318053Z","times_seen":1,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":2,"dns":0,"connect":1,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cz.dimpleswraw.com/rYfTTRUFQ7t5Ok1/42662","fqdn":"cz.dimpleswraw.com","domain":"dimpleswraw.com","tld":"com"},"ip":{"addr":"23.109.170.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cz.dimpleswraw.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Sep 2025 06:53:15 GMT","end":"Sun, 30 Nov 2025 06:53:14 GMT"},"fingerprint":{"sha1":"F6:0A:BE:19:F0:2D:AC:3D:85:5B:0C:BB:97:9A:0F:AE:AD:2A:69:B8","sha256":"11:7B:F7:4A:FC:3B:EE:42:DA:DF:63:CF:D6:E6:B0:F3:0B:0E:30:78:94:00:FA:9E:24:A6:B7:43:9F:BD:EE:8D"}}},"request":{"raw":"GET /rYfTTRUFQ7t5Ok1/42662 HTTP/1.1\r\nHost: cz.dimpleswraw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87149,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"2a35fbbf880bd9405bc1939a21012e74","sha1":"1f8a631d964915dd2c88e0d70513634d144e95ca","sha256":"21847b7032184bb0d2ac7dab7e908bf6481f4a3fff40039536a03f27210cfbcf","sha512":"adfbf5d16bef51e90352c3315976cc975efd9ac46baed8a578d949f395d443deda391bd8e6a51daac58160066ac6557b61418d3b24420016b2a906e044ef21b9","ssdeep":"1536:hB7BzzFI/qGxPJqvIVvhifTOsxDyvHubd8UT3+7yT0GaXK5GafacQH5QLp:pxISGx4vnyfBUCwyj5QF","tlshash":"7d831db1b77672798f9640e5e132a122d22e0c80308ddcb0e26f5d607f916cad5bd6f9","first_seen":"2025-09-29T04:26:24.319156Z","last_seen":"2025-09-29T04:26:24.319156Z","times_seen":1,"resource_available":true,"data":null}},"time_used":361,"timings":{"blocked":156,"dns":123,"connect":20,"send":0,"wait":38,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"cz.dimpleswraw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"cz.dimpleswraw.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"cz.dimpleswraw.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/engine/classes/js/dle_js.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /engine/classes/js/dle_js.js HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 5707\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:01:16 GMT\r\netag: \"71c7-68c8fd2c-71f9ef6223d981b2;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AREitrwThVLcTe1Ti7amrctBEZHNBR6wqpOTsgk3iTF8VEY%2F43ONqpF%2Fq74FxaBvNirVNn9uSbTc7TJTNG%2BdlkDRC6mXxPz3MA5cfHI%3D\"}]}\r\ncf-ray: 9868b819d90756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":29127,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (29127), with no line terminators","md5":"8bbf490f0b4b687079602ba8e4b5901a","sha1":"2a012c12b71fe17905fd716f07fb18e036b1583b","sha256":"e178fd236a39af9b4b75f8645650cc14dab23cede1bbe6ae29c48b0f40c9f0a5","sha512":"dd5b4fc4e711ed1edae199344a5e20b3d12fffbaba58bfd002724f6fc66114107c80666c6cbcd62a2289b65bcc95f749aa637340cf076d252307c8edd58f4384","ssdeep":"384:8kjpjti+yVCSHjbBzntcJp+ExLkvb5vPvJN5IvQnlQ8Z11ezlMWU:Vjpw+yVCSHjlztcJoExMNg21ezla","tlshash":"a0d2c71df0a57a2f07ff23ba25af545a90340b22bb004d49a92d93851d76e4dd2b3e3d","first_seen":"2023-03-14T06:05:07Z","last_seen":"2026-04-15T05:52:46.24505Z","times_seen":205,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-20bd-9bb4-8126-4a16.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-20bd-9bb4-8126-4a16.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22886\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UFQryGWiq2VMm%2BBDHhX5Ht2U0Qb6K3DDXvu0lwyhcM5J%2BDdYKxZnktqKCrXk2cj10pMoc7buMX80MFZrd%2Fb6EeWxfULN%2BqV3uIYTvLw%3D\"}]}\r\ncf-ray: 9868b81978d656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22886,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"b71d9fc923a19b17d16cf0f29e28b3e9","sha1":"640b635f56c6b4bfe1ee75f8766d5a5356a4043f","sha256":"f64b3754bf33322939d1d7bba764d5444e55afc715dbdb7e3000407ecb0ddff5","sha512":"ba481a3465ca87a03067e21dc515fae676b4cc1716c55596355eea50548c4093cec4aab058e7c7cbe8ab4cb69538a8eca927ac710d043bd770ebe99629a6f3e9","ssdeep":"384:GfaBw41KXQBdEqIBv0DjUCP1WD/4vhN1EvrFW8O4bByD6AEXzQYr0AMcw:GfoPgtMnUCP19vh7K5W81ByWzQPxv","tlshash":"61a2e1383dd71891a71b49f0725ebda5d3a168c32a007771e871dc9a4ea4c70f2985b6","first_seen":"2025-09-29T04:26:24.320926Z","last_seen":"2025-09-29T04:26:24.320926Z","times_seen":1,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-332b-99c7-52d1-482d.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-332b-99c7-52d1-482d.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25903\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q7jDaWmdLnfcst6ybN7CTL6RV%2BQ9cpYkDAl1oMQHmrVNEpvVwSlXBl8hkWfJzsupLLx%2BLXdlci0CGT5ZHKATUiolx0Wp0Z5Y%2BE75kTM%3D\"}]}\r\ncf-ray: 9868b819a8ec56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":25903,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"f40fa6638952e76ecff7d80df58d09ca","sha1":"068a4f06171dd4d3adea59055eca9c1ca1b9092a","sha256":"101cd88f97c103f4966c9f3c13734b95c53defe9343703c52f5692ccaa20d067","sha512":"9c65a12b1d46e15a74b7bb02110f7a60952c89e2d9c0dd6e2271ee652d15e0a8f8682d702c26405e1f8150f85ff15a253d3a266ef435642d74a8402f0d66aaa3","ssdeep":"768:Gf7YNFpNqMW1vjD3MfwGPhiNrtJ/o+zS4ZE8f:I7YHi10w4hiNBxo+zlyw","tlshash":"52c2d049be49c93b939dc05271427770b793148c36199c778e66c6fa91c0ffad0a6398","first_seen":"2023-05-11T06:10:11Z","last_seen":"2026-04-10T05:18:50.6246Z","times_seen":200,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-a150-4cd3-12db-4053.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-a150-4cd3-12db-4053.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HrFNs2MBI3op8GBoS7%2FRtP5wc8MVq%2F5A%2BvRv8brcMPeoWj2FdBb1lsw9bVxYNCL9I8w4U%2BNN73ezbnY4fW1Wbn64YVlxyQPM6E7W%2FQc%3D\"}]}\r\ncf-ray: 9868b81978c956b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":12404,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"b6f6f599664c3831964ea46618674360","sha1":"31d239fed4dcad3528ce297cb49e9b15b6747355","sha256":"55b51e274355236617ff4cfe84ab17dff14e698665a550cb6fde2d260fd9c001","sha512":"229347bd37bf9625184f6536a61c25feb3c42eb979bfe104600d7a99cfa3d3990ed575cc202f3baeedea99c7f134decc4cebcbcfd46f007c6571858ad8f9cbaa","ssdeep":"192:GQSuw8jQoo/6FlxBy3CI1n4QnMu7xsgU7FJ9ZzX23lDEwec3JFi6I359Z0LW4XS4:Gfbtgx2GQMuyb9ZzwegJ0pT0y4B","tlshash":"0642d05737a31a62a3f0407a121b60beeb7f03452a9abcfb94a14127f578c34131fd98","first_seen":"2025-09-29T04:26:24.322414Z","last_seen":"2025-09-29T04:26:24.322414Z","times_seen":1,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/js/jquery.lazyload.min.js","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/js/jquery.lazyload.min.js HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 1121\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:03:16 GMT\r\netag: \"d35-68c8fda4-2618f3d4fac37708;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HIhjBp5ZDo%2FlWvxjHNi9s9RTkoa0Zq9%2BoKukzXtF024el9P%2FjYDU76A0%2FgvaELj6W9kscPY5NrHAsiJuMw%2F2Gzg0fY6xe1GNsWfOlk8%3D\"}]}\r\ncf-ray: 9868b819d90656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3381,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (3309)","md5":"112c8d1b40b3e62e883c743e9d71e0bf","sha1":"338318e930487b2791a7bcf53ad4601630cc41e2","sha256":"ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e","sha512":"8cd0ed15feea814d1e1fff99e36146e1fc37c3b0ccffdcdb80d3dedf07c9942ca55434d3dc880a5b9afdd95cbd2076ba539d2fc8ccf981107222ee1821716d69","ssdeep":"","tlshash":"c761868d7f427839f0167a9e831f3106663ed46f81814c54b0c9ece4ececb951236d9a","first_seen":"2023-03-07T01:10:48Z","last_seen":"2026-04-25T15:53:15.60682Z","times_seen":5086,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-fd6a-58e5-7c55-4ebb.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-fd6a-58e5-7c55-4ebb.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ShJRL7aYcoZzVj4EJICk4fhOREq0gg9D%2B6%2BQFSVJL5DOiROIThkCvip3w8ZPVQk1ZXlVEheHGeKxlsEo6MA8UbPI6ZpmJ0Q1Ov5MtJY%3D\"}]}\r\ncf-ray: 9868b81968b656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19997,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"52a9c377035e2cfdf2aee2589820b35d","sha1":"73ad3baac908de1eac338d2f6b5fed1173252a2a","sha256":"a4765d41012b489d6d3e612e79f31b40ccacdb39f50c7eddf7d1181f8c9d9da1","sha512":"5af6013d893d280d23c6a350df64f9875dbf724d6ea227fccea3edad7f16d15ade21c3672bf1c8cb37aa1f994b425f3437d38a33248a876a521f2b3b97d67ea5","ssdeep":"384:GfDL3ofvGzH4pQRLMPXLzEe94I/ss4HZMlwI52ly5NJSNk7gVtboRIy/:GfDEfkYfbzVvsk2I5NJOBtbiIm","tlshash":"8d92df3a270358018b0eeb2b1c1bad7112cc751421e2a6f47f921e3f1da3d755f9a6b5","first_seen":"2025-09-16T09:41:21.370401Z","last_seen":"2025-09-29T04:26:24.324195Z","times_seen":3,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thewsere.top/pntne","fqdn":"thewsere.top","domain":"thewsere.top","tld":"top"},"ip":{"addr":"212.117.186.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thewsere.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 20:24:46 GMT","end":"Thu, 18 Dec 2025 20:24:45 GMT"},"fingerprint":{"sha1":"B9:5D:7D:46:A7:5E:80:AE:8E:FB:9D:86:85:2D:F5:2F:37:93:CF:1F","sha256":"EE:B4:2F:8D:75:C8:45:74:48:95:CC:73:F5:84:A1:DA:E9:28:3A:A7:BD:C6:55:DF:22:75:35:E7:48:35:8D:4F"}}},"request":{"raw":"OPTIONS /pntne HTTP/1.1\r\nHost: thewsere.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://flemmix.monster/\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-04-25T15:00:23.833236Z","times_seen":1558,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"neufneuf.space/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=7194721\u0026pdata=http:/","fqdn":"neufneuf.space","domain":"neufneuf.space","tld":"space"},"ip":{"addr":"104.21.88.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-29T04:25:49.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"neufneuf.space","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Sep 2025 00:26:53 GMT","end":"Sun, 28 Dec 2025 01:25:32 GMT"},"fingerprint":{"sha1":"0C:9A:1E:AB:86:97:FC:F4:35:62:76:10:91:12:7B:38:26:F8:89:3D","sha256":"F3:24:B3:FF:CE:7D:BB:C7:42:16:44:99:3F:52:75:2D:82:6E:9E:FF:BE:58:3F:3F:77:13:7F:B1:D7:1E:A1:38"}}},"request":{"raw":"GET /z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=7194721\u0026pdata=http:/ HTTP/1.1\r\nHost: neufneuf.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 29 Sep 2025 04:25:49 GMT\r\ncontent-length: 0\r\nlocation: http://neufneuf.space/\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fLsw%2F9C6xTsMp5ng0soompg3JC1ky59JXq3WOxD28aGbAQDWM1WJFf0VlnJs%2FK4wNGyJgnHN3bdMogqIZMNL%2BWIu4IHn0yt8rIc3pV4T\"}]}\r\nset-cookie: wssplashchk=e7bbd9a18ae3c428649bc11a6493b47ac1540509.1759125037.0; HttpOnly; SameSite=Lax; Path=/; Domain=neufneuf.space; Max-Age=3600\r\ncf-ray: 9868b8018efb5ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2680,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":9,"dns":0,"connect":1,"send":0,"wait":146,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-bb98-5e39-861b-479f.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-bb98-5e39-861b-479f.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22033\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DbiQZSzArIG2L2BMpcuCxfHGT%2B7eJhKETOU9QdtCMdxdpDHgaWxPMZ8H82IP%2BnEMuhKsIsE8ZRfE4Cm4CFn2kd7osP4UxL1EQJWPFDo%3D\"}]}\r\ncf-ray: 9868b819689356b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22033,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"bbfff66f31bc573890041826b46edaea","sha1":"702a5ec9a8885ceef2d27c8de0984ecf7428da22","sha256":"8cc75d702f607355eb0c21196f5ec97f88ffcae4aee096eb988371b24bf541ce","sha512":"1efea0322af9518faeeee16ae3fb2bdf8b2774a9ce3efc4432a7ad297d8232606bcd10680b7d91ec3f0f1fbccd628471d08aa5fad70d68a16f074e352aa44c7a","ssdeep":"384:GfM8lhbrUWNVfp00uoWxC+Ufyd6uyT2kD5DJkK8RwEwB0Q4FqJ4DEVwTo:GfM8flTfpZXWxCNFT2k9tkKmwrB0Q4Mv","tlshash":"cda2d0361f6182a8b792287fcc92354a4465bba903271776c231befb4373db6909c16d","first_seen":"2025-09-24T16:24:04.126116Z","last_seen":"2026-02-22T18:45:37.41307Z","times_seen":15,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-9ece-1eef-0f4f-46f1.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-9ece-1eef-0f4f-46f1.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10658\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1n6YpirafA1pJVKQ7bWyWjzHYDjuA3wMf02NqlGkeqdVDArRRtgrNzz16FETBy2Q9ZwpD1Ogm4%2FNukW%2Fw9fIXxBD0QJ5Qt8sSrrmqDU%3D\"}]}\r\ncf-ray: 9868b819689b56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":10658,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"0a110cdd13b7b756dd1db19d3c98c237","sha1":"3f5e596d7b78b6b6a0f9a9f8de2749003f18f112","sha256":"58fc556ce89f073d3445863f1a305afa28adffcaca3e54763202f1b2056edf14","sha512":"c5669262b2a99b559b72dd1a0900a3f45d1fbbf4f12d5d349d2f20ee0ac34e9862580742c9ffa403e60a61b0c967cbe177100fef6a03bb7af036074c10daca74","ssdeep":"192:GQSPwdffeDWTQHGDdh0vc9ZVXtDhJ0lRNPVPDrDrBULZV3dZo48/K:GfWffeDWM0dhK4Z0lbPVPXBUT3ToNi","tlshash":"b022be239c73c35ce3b015b1a9267bb6e688591db4c06b36ddb909a25eecdb9441c70c","first_seen":"2025-07-16T02:35:49.231969Z","last_seen":"2026-02-22T18:45:37.473429Z","times_seen":34,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-72a1-6bce-857d-4962.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-72a1-6bce-857d-4962.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9298\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cPUBj%2FE51qMWuV3PNecozGTkSUDsTlJhtOFhQOpDhqmijorOatmqa4S4Pr8gIh1W96V030PGYJFu6jcu2xZgf7UClqUSqd%2F3pEWb9G4%3D\"}]}\r\ncf-ray: 9868b81978c756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":9298,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"89a67f8fb73f7e947f4abfa33a880491","sha1":"189754b849da07a1e230d8f0349771a30831d24a","sha256":"0cdca68f5b32c34ce2c30e58ec5a418a12ec564ac992d56e887a4237fd40fa05","sha512":"0d88fcec5ede7121df400a8a0a2d77b8b42aa8219218e356bd55878c51883b35273b17c5ff0074b32000464506136cd7eeb38bd2a01d015a48f67f98832d281a","ssdeep":"192:GQSFN5Jp1axLIPDIF/DpGW/kYQDKZw+2ryYydujxvNRoKMYv/h:GfLpwxLIPEHP/Dhx2v7xFRozyh","tlshash":"6d12af424dff0b93b716c3a1bfbd4d95928f032499b830bae1ab55bb6b14d3405cd628","first_seen":"2025-09-29T04:26:24.326726Z","last_seen":"2025-09-29T04:26:24.326726Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/images/vf.png","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/images/vf.png HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/templates/flemmixnew/style/styles.css?v=9.919999\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: image/png\r\ncontent-length: 217\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:53 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:15 GMT\r\netag: \"d9-68c8fda3-f5cdefb3013c389e;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370244\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FahJeAVIkA6AmXimmTlAtJ%2FtcOfKJbcHJmwagDjLoMP4oDJdHn9E4CZUppMG0fjRiMDyF6sbC9npLz%2FdbgpveYgOUkOmLkN3PrsNdk0%3D\"}]}\r\ncf-ray: 9868b81998e056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":217,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 20, 8-bit colormap, non-interlaced","md5":"cead6dc76790e05172de6cb9f4ac2498","sha1":"a9b16fb67eb3af6332c009149b2058c2a29bf8a9","sha256":"5c844c855fa960c45d6311d5498f9f501856b83442499dea6bdd207f1221a780","sha512":"54bd62498836b3534b42f769334333d000f151722e06c16a22a039bbe15e844cbb307ebff71d71a7c0bab17abf01fc9090614605d33e178fb500bb4dba2c1ad9","ssdeep":"","tlshash":"e4d0a98b5aa3bda4ce404ba239678004e8320a294932cba2c2112aa8cd121a4d197282","first_seen":"2023-07-14T23:04:53Z","last_seen":"2026-04-12T19:57:54.428779Z","times_seen":109,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xs.taujubarb.com/tBsV9ESL1WW/33558","fqdn":"xs.taujubarb.com","domain":"taujubarb.com","tld":"com"},"ip":{"addr":"23.109.170.227","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xs.taujubarb.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 16 Sep 2025 07:06:35 GMT","end":"Mon, 15 Dec 2025 07:06:34 GMT"},"fingerprint":{"sha1":"06:1C:07:2E:87:02:35:C4:F3:33:19:F4:5E:E1:4B:06:39:ED:68:39","sha256":"04:64:AE:EC:15:2D:51:9C:B4:42:2D:09:EF:5A:75:67:B2:8B:C0:59:02:F5:23:C5:E5:1C:5B:32:F7:7B:96:C5"}}},"request":{"raw":"GET /tBsV9ESL1WW/33558 HTTP/1.1\r\nHost: xs.taujubarb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90953,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"0831c2b27f4915fa46a34cd8dd879272","sha1":"c9290718e33ee642cedeb2482e1150dd72a62435","sha256":"7c70c57965bb64a7cd832dd7368ba79489989c63dd614d12e7253159b7633fc5","sha512":"6afa4622a215bacc03e3041a34881393c5f7495799e829b77fc3fdf2275214db647385e55e326f744eb4b7fd6479726ea901cc9c1abae6e6213f4d2b86917d74","ssdeep":"1536:90ZypD4MdNdzZVK+E0wlJQJ1jvokvSXlDYNO0Pv:9Y+DwnOjFSIv","tlshash":"e8933b41b651b03a07b244e5a17f4245f2372624784ed090f36decb52eba58fa1b7fac","first_seen":"2025-09-29T04:26:24.328188Z","last_seen":"2025-09-29T04:26:24.328188Z","times_seen":1,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":167,"dns":126,"connect":20,"send":0,"wait":38,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"xs.taujubarb.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"xs.taujubarb.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/js/libs.js?v=3","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/js/libs.js?v=3 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\ncontent-length: 1305\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:03:16 GMT\r\netag: \"1305-68c8fda4-35213293f223193f;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 4509\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SId3aQ4xywC36j8nm9TJ%2BqOANUS41QVUk0bkjrlWMJZMJ0F3foCeTMlQBbc%2Bvi4sjXy5e1boEVroPctBwif0AwUPHXbh7mRjR7bk8jM%3D\"}]}\r\ncf-ray: 9868b819d90456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4869,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"f09e8a538511d1631a964d1177e170c2","sha1":"bb4c80bb5b69c23d180376112dd95366eee52d39","sha256":"b010d496957663b2303af7853b8d411f4df54187184acd52098958065798f26e","sha512":"1ecf69308d5850ebc5f503ec759346a7ce9521753d6df6eedd8a4aec6ff864a096be09b73b61aeb62b35b9675603d57eb65f848a045227c11ef362ada67110ee","ssdeep":"96:g5T9vYUgOxN05zQ7baQc0GiTO4y6RfTOVnRxRATO73gH1YCs:2hLgOxN6U7eGTy2TYmTo3gHuT","tlshash":"a8a1011ab4f22124913f31ad5f9fa1147521552fa20acf007d6c8ae44fcd9a9f262b4c","first_seen":"2025-05-11T09:20:24.822081Z","last_seen":"2026-04-10T05:18:50.617641Z","times_seen":108,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-c420-b0ca-cc26-4eb4.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-c420-b0ca-cc26-4eb4.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17119\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XK8nJHFpCU1oWonBFqpqzM4xrPb3SpYpP%2BTnUvyQSgTD0%2BK8nJoyM0rcXMpJOvWKjYiFlYsKyEilKTV%2FSFiD8QXDhCggbMD0xPDX4ts%3D\"}]}\r\ncf-ray: 9868b81968a456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17119,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"25acb22a148caee020aecac5f7466f55","sha1":"231311f97d2e596a2cffc6d581226dc0bfd32d02","sha256":"e265e04488c17aef757a50374c8ed2f6754cf6f004123d63f0e25f1cc0b81e3f","sha512":"d97c31c3fe57d6f6c1418f5cdb8dc0aecf154d8c2ceffc23ccf6d1d42886f19e4868c172d80671f5b7dc2dbd9a87534d8e663c2e9071ba4169e5d156c85cdd7c","ssdeep":"384:GfSJRwPHWErPAvrpVOh8q7K1zYoDvJd96syNpJZdIW7Jn1Nn6r:GfSJoHWIPAv3OOq7sU2l6PFL9nL6r","tlshash":"9b72d02a5d8bb1c2e335b6b2916c4a7b230d4302445da6fd10719cb394faff45f461b0","first_seen":"2025-06-01T04:50:52.98749Z","last_seen":"2026-01-04T04:59:19.945696Z","times_seen":40,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-5b72-f616-96a7-4352.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-5b72-f616-96a7-4352.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19668\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P22KQqbGUh9N9syEleHr2Icd4tegN19rOsaOAtSH8%2BTmvMdxXwCiRvUniOSzaNnBhrl7JTHg03RaxVmI3xYZ%2FBJN25H95oknyb53UhU%3D\"}]}\r\ncf-ray: 9868b81968af56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19668,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"d77401445fa52ca94a8e28f2e3acf8d1","sha1":"529c54549b41014da42bdb47caa566dff50dec54","sha256":"ef37f9e7e2bc0dcb058bf4a4e62331eec1c1c09b3c8b1aac20cf5be86c461d32","sha512":"b00a67f35fce8bcefb4fc09e851c7377760a17088163a583cd83a754799444384c1e318cd56d12af1333735c9dcf3de54792f9ed9ab70cc251cee1312678df74","ssdeep":"384:Gf+oDskLWNgYwec7m2lE0WLaM4nMFZkeT8ahj1HGWDAiiEbFtcqYr:Gf+qWN2rDE0WjCMUm5GWDpXczr","tlshash":"1092d127e18701e81601355b4e2226c983132dc3fbd46771f651cbe7dc61fb8c99a9b5","first_seen":"2025-06-01T04:50:52.993577Z","last_seen":"2025-09-29T04:26:24.330319Z","times_seen":33,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-c206-9594-0685-402a.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-c206-9594-0685-402a.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 24682\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V8759mJDtAGXfKgmpo1ZM0YmGvvzc9vI2aqjxoWKw9XQzmCh7pz%2FPLkO4QLizclpXKAUROLMOlZfs6niBNGm1D1hf1bSghaAPn%2F%2BkRY%3D\"}]}\r\ncf-ray: 9868b819a8ed56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24682,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"d519a285a1abfdb58ed820c59a2f53e7","sha1":"f0b8968bcd3965791f963442a327485d2ddbb8c8","sha256":"e3433eba30bce1a388f941c012c78d708d68e01ab0039f069929c00e0427cb98","sha512":"ec64294da97b2470f65aac143a8d21bf61a209b546061e42b99bf5474630126d663dfa53a204f93cdbe29e2f5f7813508242d4ceeacef4a8ac3aea4eb38e374a","ssdeep":"768:GfClclyXRFkf8IxP+uSH6z3sZOwY5g/w3f8r:IClGiCf8IxlA6g4fs","tlshash":"bfb2e15b931352330755e5eae50276eeb44ce8eb7bac3fa123b1b294c1d2eb4c08d546","first_seen":"2025-06-05T20:23:00.272344Z","last_seen":"2026-04-10T05:18:50.641208Z","times_seen":101,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thewsere.top/pntne","fqdn":"thewsere.top","domain":"thewsere.top","tld":"top"},"ip":{"addr":"212.117.186.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thewsere.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 20:24:46 GMT","end":"Thu, 18 Dec 2025 20:24:45 GMT"},"fingerprint":{"sha1":"B9:5D:7D:46:A7:5E:80:AE:8E:FB:9D:86:85:2D:F5:2F:37:93:CF:1F","sha256":"EE:B4:2F:8D:75:C8:45:74:48:95:CC:73:F5:84:A1:DA:E9:28:3A:A7:BD:C6:55:DF:22:75:35:E7:48:35:8D:4F"}}},"request":{"raw":"POST /pntne HTTP/1.1\r\nHost: thewsere.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://flemmix.monster/\r\nContent-Type: application/json\r\nContent-Length: 76\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-25T16:54:21.437743Z","times_seen":400458,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"thewsere.top/pntne","fqdn":"thewsere.top","domain":"thewsere.top","tld":"top"},"ip":{"addr":"212.117.186.252","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"thewsere.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Sep 2025 20:24:46 GMT","end":"Thu, 18 Dec 2025 20:24:45 GMT"},"fingerprint":{"sha1":"B9:5D:7D:46:A7:5E:80:AE:8E:FB:9D:86:85:2D:F5:2F:37:93:CF:1F","sha256":"EE:B4:2F:8D:75:C8:45:74:48:95:CC:73:F5:84:A1:DA:E9:28:3A:A7:BD:C6:55:DF:22:75:35:E7:48:35:8D:4F"}}},"request":{"raw":"POST /pntne HTTP/1.1\r\nHost: thewsere.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://flemmix.monster/\r\nContent-Type: application/json\r\nContent-Length: 83\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Tue, 30-Sep-2025 04:25:53 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-25T16:54:21.437743Z","times_seen":400458,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"thewsere.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-c3ec-dd12-36e1-4c11.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-c3ec-dd12-36e1-4c11.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15773\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E%2BpurwAy59EkKO4yUljLnf4es%2FBZ9zOoQ75QEfygQej3f6pcz8EYiZH1hwI9UBohNhE%2BggOo9tBCAe9jwhEs3lGgXQrgYn%2B4Ww1o4jc%3D\"}]}\r\ncf-ray: 9868b819a8ea56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":15773,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"7586151950f2136daa985d71500593c8","sha1":"5b88be3ddf8e3fa6a95dd1d2fa8a864fe85f026d","sha256":"5ca61a107ff66f8d82da59c1d7f8ce8744261a99186185d59fd09659d3e5441c","sha512":"cc8e96fc8c4ed82a808f39a2b3b3d970fd104799cd47279fb6c268daf061a408497df196d4dd3e3377853524b2b5dbd3ae1ad3686a6921d4b7728e458bd05375","ssdeep":"384:GfnFpKoblKj8mcRwI2TDD+ujrxsNdUQ9fV8RB:Gfn9blKsfmCVdV98","tlshash":"d662c061b281f6e45b08cb259b30fcc373cf39ceb258be31d2d6910500b1eb6885a9d5","first_seen":"2025-03-01T17:45:22.468034Z","last_seen":"2026-04-10T05:18:50.606248Z","times_seen":110,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-2072-364b-9584-4dcb.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-2072-364b-9584-4dcb.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w4zjLfWMbpxIxI%2F%2F9Ao4oXU6plGzgcmzELiPNcsX2g8fK2GHmdWOGRJXSDoglbW9tN%2FQD%2B8QvZq87mlpGe92TjBVFX5nTU2psc2JN8I%3D\"}]}\r\ncf-ray: 9868b819689556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":8471,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"4c3b439c4c3d47989bf2309742ae92be","sha1":"a7c162ac2b8f59d63041eeb22765bd5896d4c461","sha256":"ce4dba0149fbfbeb26fac66d01f4768d9d72fec6682b6e88d425ead4e292979b","sha512":"eb0fe3eb2f837f1d9cc43799146a0f94a544368ce7a982b26f679ec1d679f5abadcfcff1be024649aae5fb92a25e261fd4f3619ce2bc14aa3157d50ede72632d","ssdeep":"192:GQSfhUogGZYZPYMpAkGuLGIuTf9hsfJ3Jxh9zUhmmg:GfKyYZYMpAkBGIcVhsfp7v5","tlshash":"61028d2b0a4953c0537807a1bd173e4c6f426b489d9626bb4a550f8b7d7cdb28c9e63c","first_seen":"2025-09-16T09:41:21.389739Z","last_seen":"2025-11-26T19:31:16.855051Z","times_seen":6,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-ddbc-4312-9640-434b.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-ddbc-4312-9640-434b.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19651\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ii1vqZR2veLMAujxafyZtq5YUzNTo2B35jJin4ovGkTWApKDN5OBkD6C17QM0VvJWjtZt%2BeA9yze%2FKk0tCwUGvP5HziDiZ0Z0CuHVkE%3D\"}]}\r\ncf-ray: 9868b81968a256b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":19651,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"218239f081048e9e7d7703a3e8551194","sha1":"04090acdac29c6e250adf37a2fa610966757850e","sha256":"5c9856e8c5efe3780d9c478d9ad8cb64fe0c2edf056844791a8af89defa50380","sha512":"d10d2fea6d11784504127309987ba090f5fd62e619d9a4698905ff428dd23cf46c62bc72f014aacee2717bce46013c1b2c7f9d780017ef70a1f07ff95c1bde48","ssdeep":"384:GfY78jOXLQf2Qci24gBeOymLzmkgXbqTB98cH7Dn3OPaRVdeHh4:GfYpXLQfFcFJDtLirXy8a7Dn9RjC2","tlshash":"7a92e02b51072c7287a7e8d0f66454b053887ef2d57476ab11ea88af8ba5cfbdc11311","first_seen":"2025-06-30T02:46:47.974558Z","last_seen":"2026-01-04T04:59:19.877861Z","times_seen":32,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-fc63-d676-120f-43cd.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-fc63-d676-120f-43cd.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17866\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wws3YV%2FV6tDT3ygQIU4LygRoDaFWps%2FzykYwjTowskvj975c%2Fo3zvPmQKU4lKfjcgTt7dNIgkZsGbBWfiaLLXWtDsAIvUS0cUMLQD1s%3D\"}]}\r\ncf-ray: 9868b81978c856b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17866,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"8ed6abb836dc67072a452e867142eb4b","sha1":"6e16a12f792e394f0d40257b7f94aee4c96796b0","sha256":"3bf4ddc39c01804ae97066c3a1ee02eb384333d7bf4919868f7692f0f886b502","sha512":"78b259c1b0d5ca732a7b19226c423f7bb4d3fddd8ed45c89db38c0b8bab3506c9d8d4141d9a92fe54b3988f692f70f7fae70180562c163006b1cf07891fabb33","ssdeep":"384:GfWwsKEQvSsq5a0GxRbCPPFjeB1qCBHYuAVx8+IbqvR:GfWMzEURbkFjQ1qw4u9Op","tlshash":"d682c00f049225b5ab6a5dae198d2576b1060e0c035f6ebda1d2c864cee0efedf7c5c0","first_seen":"2025-09-29T04:26:24.334068Z","last_seen":"2025-09-29T04:26:24.334068Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-676e-e99f-6d3c-494a.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-676e-e99f-6d3c-494a.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19458\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DTItJGwuMUPWciH%2FUY%2B0PbEYU5X95gPx9WII%2FCOcUF9BDmkFJTQkpIPP2Nd3QJeP8YFz%2Bx3B4OQOSZq3w8jKgT1UCc1NEKpHF5VJIlg%3D\"}]}\r\ncf-ray: 9868b81978cd56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19458,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"5ddcb9b4059cc114ccf2a4071be4228b","sha1":"927c212d196a1b53061fc1b844cdb91246e36d5f","sha256":"49dc7d47e5a7864a22ed19a7d05b1423e6ff34b52a77bbd236a89e3b39a8a3b3","sha512":"d5222162f46ed997ea11d21461fe70192d2a781e7ab489cdeeb77a8b013546c8d018158d9a1d6701ac9190a3625c151efdc9ab92a3e5ca635207ef4e9ca57319","ssdeep":"384:Gf21Kt12KPMXs4NE/FRvlq7PJHz1eZwjLq1gQWW9NnuM8v0V:Gf2lThN0FRvqT1eZwjcNjd","tlshash":"4992d02b99578df97b1490e3dcc43aee0a166765ad980d2a80246964f5b0cf7112cfcb","first_seen":"2025-09-29T04:26:24.335069Z","last_seen":"2025-09-29T04:26:24.335069Z","times_seen":1,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"caudexintrine.com/1clkn/35789","fqdn":"caudexintrine.com","domain":"caudexintrine.com","tld":"com"},"ip":{"addr":"23.109.170.225","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"caudexintrine.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 22:15:41 GMT","end":"Wed, 12 Nov 2025 22:15:40 GMT"},"fingerprint":{"sha1":"47:0C:13:12:87:EA:9E:1E:94:03:BF:C2:21:AA:27:3D:CF:B3:B1:B7","sha256":"36:46:C5:D3:73:07:A9:C6:79:26:84:00:D8:45:B5:56:86:61:91:84:F5:E2:B8:6B:9A:41:DE:BB:B7:F0:8D:6D"}}},"request":{"raw":"GET /1clkn/35789 HTTP/1.1\r\nHost: caudexintrine.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Tue, 30-Sep-2025 04:25:52 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyLEKwjAURuHcSwmIWX6oe5%2BgWrRgV%2BsoydAnqDVIoSQhiYpvb10OfEcIwaUCzwHq3NRdW69tuhPoCdYGPDlI7eNn%2FIIi%2BHAER4etSYuvev9yef0Tir9BM5S5mKEywTptM9glbPrxvtj9dbiBghTg7CWD06MUoLfc%2FQD8TBxp; expires=Tue, 30-Sep-2025 04:25:52 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29543,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29542), with no line terminators","md5":"cb53128a04be8df17b66c010b13b09c4","sha1":"2c14fc3979e43b970c110bfda58c1d5f31dbb1c9","sha256":"b6f1f7a893271d9a47b897fb95dd012d9ebaaec42af35852e68c4c158eb88ef1","sha512":"c3c352e6f4486369e425fc4147061ae00af91bfd74f3d8cca2ef7ae5d0b400899a802e65128671d3cd9ad434d6529bec554052852d5a96983d714cd57bc4ff67","ssdeep":"768:IhF/JlfdnwRINxhFEsbUFwQbOQI7jmJ8757ANEn1zxO/WW6u:IhFRtDk5wu","tlshash":"00d2e786f6a0f0a607e290a2523f4107f2375914384fc9e0e2a5dda07c6958f967bb5e","first_seen":"2025-09-29T04:26:24.33601Z","last_seen":"2025-09-29T04:26:24.33601Z","times_seen":1,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":104,"dns":71,"connect":20,"send":0,"wait":38,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"caudexintrine.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"caudexintrine.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-e8a4-5018-25e8-46ed.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-e8a4-5018-25e8-46ed.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j1JCcWQfoD4KZfz4Nq7qwn3Ts6TGpENNz%2F0D8eZsTYcpoqJm4iGjHgewV8J8xhR3vFtJhLU3WGJJ%2Ff9l0J6H3gxP%2BBYlVI1pwm%2FWXk8%3D\"}]}\r\ncf-ray: 9868b81968b356b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23265,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"92da9bb6f3e0c0810ffe17ef7c70e220","sha1":"880f9a7890c57d50dc1ee1da557899d2802eba5a","sha256":"d7b396f4bb4030a467a1ee28f9242161a2fc9f652e4bd8d13a9c0c949287195e","sha512":"1bba2444fb6d05069018ad8421f173e8c219021f8bf2a8c866f7c34364408d6779736e07596753cd06049b02d3b854eb5dd52e5d2da6b4f0259e625b498abd2d","ssdeep":"384:GfpNdxIvDlHzCpQqraL7VZ/AyaJBUQaOU/Up1Qz2TCg69A:Gf9SblHzCiqgZH+Hnri2TCju","tlshash":"a6a2e1c7f6d89fb15a596be92d49d02b5c0905ccb3eb49f342c24be8a09dcf2893a151","first_seen":"2025-06-01T04:50:53.078237Z","last_seen":"2025-09-29T04:26:24.336968Z","times_seen":33,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=stream-vf-1e69-4fa0-5c65-42f5.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=stream-vf-1e69-4fa0-5c65-42f5.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22846\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uHiCJn7AuV9RyasQWHjKheT3E3rtukkskrf%2F14lK4apgq82JdQksOzCFOlyOlQtRAf9edNe%2FUEPJWvjmHdGi8KsKgNR6ucmUHqWox%2Bc%3D\"}]}\r\ncf-ray: 9868b81978d556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":22846,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality\", baseline, precision 8, 250x345, components 3","md5":"1b518a637722980f4dd3943972f164eb","sha1":"b780d8a5b89a6ff61e53cd5e51ce017992c1a228","sha256":"29acef04409930b2b22015bbbc19d92dde300119b58631c2ab84cefdffc7ed1d","sha512":"5bda475f6782661af0398e21f8ed7d40404f37cddac19f65edcb86ae1b1ae80e26dc4d2d622ebbbfba7e57c1506e29fd54cdc9900a60672387c57948f4ff6e82","ssdeep":"384:Gf2LGweYWzuizxg2foSDmi1/y0BqA2SNLZKRjkfA2xS2NMLGbx+rVt+zQO+VSE:GfmCnCwxDHDmi1/ymqA2sCjk4ilNMiIz","tlshash":"23a2e0ade52b9d26230e757cd64c64a1d96c608f4f6d707b0cb015934a3adf02ce6b8c","first_seen":"2025-09-29T04:26:24.337463Z","last_seen":"2025-09-29T04:26:24.337463Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/checkimg.php?urli=c344-c97d-67a9-41f1.jpg","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /checkimg.php?urli=c344-c97d-67a9-41f1.jpg HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16631\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Oct 2025 04:50:41 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l5QCw5YKe3bLSwHcR%2B%2FvqSTpS0AosiByzsaqVvgTqjGSc0uO3L6sqmzKNQo%2B3dDGpYJaHSMMSqbeZLu%2BvrZkAm3UCYgznns1JQ7otpc%3D\"}]}\r\ncf-ray: 9868b819a8e656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":16631,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 215x290, components 3","md5":"d9ce315e05c9ff188697970c11be0232","sha1":"b417f6196ece5438eb8f23d3ef44089c721be3b2","sha256":"7504844dd42fe313bf2b65871b94f3515c7376acb816a12b4d119b47d965e0b7","sha512":"73dc408ccab651e90a2915e02447b027dee9ea7368b9fcb1c1c50d3ea847819a384182e591263e4dcd4c718b7cdae2fccf3e17520721eef5c21d313dff1a9376","ssdeep":"384:yMI/Mt/+iI4sL8KK/NzPA/9rsow2Ul/ey1qkic/9:xFO4c8KKFza9e2Ul/cU9","tlshash":"3572c0d72f847e12a4634ff383a0f0d8a2c275963518b6597bc5b8b5c98c421e3a186f","first_seen":"2025-08-05T10:28:21.095461Z","last_seen":"2025-11-15T19:32:09.449074Z","times_seen":42,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fflemmix.monster","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"212.117.186.92","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:53.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Sep 2025 21:21:47 GMT","end":"Wed, 24 Dec 2025 21:21:46 GMT"},"fingerprint":{"sha1":"AB:7F:25:A4:47:EA:FD:C0:FD:04:9D:5B:DE:04:FB:AC:82:37:67:A1","sha256":"8C:B6:C9:8F:CE:4F:DB:23:24:8F:04:DB:40:06:BA:C3:2B:0E:91:55:37:A9:E1:FF:A6:E7:DF:7F:FE:FD:BB:65"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Fflemmix.monster HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://flemmix.monster/\r\nOrigin: https://flemmix.monster\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-length: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://flemmix.monster\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":188,"timings":{"blocked":84,"dns":41,"connect":21,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/style/engine.css?v=1","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/style/engine.css?v=1 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 26704\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 01 Oct 2025 21:59:51 GMT\r\nlast-modified: Tue, 16 Sep 2025 06:03:17 GMT\r\netag: \"17c3a-68c8fda5-23ad9f471baa9f21;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 370246\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2FYMNKqoJakPSKspJ%2BnqAhX68O4tF95hN3DthOELruiTryuqcD6RU4kAkhfi02qWURdjpC%2FB3pBWXRoSYy78TQ%2FUL8lYZ%2BKtGoAU8y4%3D\"}]}\r\ncf-ray: 9868b819688f56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":97338,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"assembler source, ASCII text, with very long lines (13482)","md5":"5511b878f3a882b33d90677ea298c88f","sha1":"395c7526fb77953d3aa30c213de48624570c0781","sha256":"2eea85f0c924c6424870787c268b51d375d92e15091b15cbe1f1ab3ac32ac18d","sha512":"7e1ff33ea47ce5ee25de3cba90fbd1d0b12ec07e3cab815295e9d2f8e94c94372b66d9e6b2e90dae614bd2e96ec8b5536cdbb37504f468b3b02a204970df1649","ssdeep":"1536:x6umPgQMSzpEbD2PenL5LsYOmyCnwlta4u1IJxHPaKKQDTUHOlrnl+Uf8l73PwQ:jaPendOmXwT020OFl+28lbwQ","tlshash":"c59385b1e10911c5b336c04bff81b7a83e79f32bd2414db8f55e281c99c529906e6bad","first_seen":"2023-05-11T06:10:11Z","last_seen":"2026-04-15T05:52:46.23929Z","times_seen":139,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"witv.soccer/templates/witv/images/witv-logo-w2.png","fqdn":"witv.soccer","domain":"witv.soccer","tld":"soccer"},"ip":{"addr":"172.67.196.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"witv.soccer","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 Aug 2025 18:15:06 GMT","end":"Mon, 10 Nov 2025 19:12:43 GMT"},"fingerprint":{"sha1":"FF:6D:50:B6:10:EF:CB:AD:DE:63:89:9D:0F:3A:15:0F:EF:76:A4:76","sha256":"DE:5C:84:EA:41:94:FC:24:1B:B6:00:38:BD:30:08:D9:84:AF:AC:FC:7D:FE:4E:88:7C:95:2D:88:87:A2:45:A4"}}},"request":{"raw":"GET /templates/witv/images/witv-logo-w2.png HTTP/1.1\r\nHost: witv.soccer\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 4617\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=604800\r\nexpires: Fri, 03 Oct 2025 11:14:03 GMT\r\nlast-modified: Fri, 13 Jun 2025 22:03:40 GMT\r\netag: \"1209-684ca03c-372fb86515fee418;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 236196\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oI0HM6DZASr0HmtrPoqjwi0jcDsLHsBwXtegL4edj8oSxPJdG8P7NHtay38dUP7Fxr3ZFVuiR14kEpBUd75oQA%2FQy4HoAaPEboKU\"}]}\r\ncf-ray: 9868b81b4e788deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":4617,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 43, 8-bit/color RGBA, non-interlaced","md5":"caa87b5ca4f77abcb54c555bc9ee6bde","sha1":"7ec8098b7e37c4517719419830ce9a3f158907b1","sha256":"70ff78deeaea1e734cd540f69d6c48ba1e18293d15b13f48a61b583fce7d38c0","sha512":"412bf9db6158b8bc288d3fddc472e266642e72191487189792a332d1ed4afbda5cd9a256fe4fe9546ba8814335c7fc6d66d3062c9342d173bc919f6cb73fa370","ssdeep":"96:0SkY7AknmWaOYLS/n9A/HTUHZHH5IDHCOH7geHhySU3NfC+0LcNGz6Gp92XQeSYb:0Sl0knESIzU5HiRz74Xiwb","tlshash":"1891db18fd12ec109b1aae82b9dda1577b370fd09bc35451adc694071c951bdcc4faca","first_seen":"2025-03-15T21:10:47.632457Z","last_seen":"2026-03-28T19:10:51.589721Z","times_seen":36,"resource_available":false,"data":null}},"time_used":521,"timings":{"blocked":254,"dns":72,"connect":1,"send":0,"wait":8,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flemmix.monster/templates/flemmixnew/fonts/fontawesome-webfont.woff2?v=4.5.0","fqdn":"flemmix.monster","domain":"flemmix.monster","tld":"monster"},"ip":{"addr":"172.67.146.136","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://flemmix.monster/","date":"2025-09-29T04:25:52.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flemmix.monster","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 13 Aug 2025 20:57:31 GMT","end":"Tue, 11 Nov 2025 21:56:08 GMT"},"fingerprint":{"sha1":"5A:76:FB:AF:36:4E:35:C1:60:CD:14:BB:6D:B3:34:00:9E:FF:DE:5C","sha256":"EB:D6:5F:E9:BC:71:DC:ED:B4:B3:19:24:3B:FD:EA:BF:74:C8:9C:49:22:64:13:66:9A:F0:5F:F8:41:0E:5C:2E"}}},"request":{"raw":"GET /templates/flemmixnew/fonts/fontawesome-webfont.woff2?v=4.5.0 HTTP/1.1\r\nHost: flemmix.monster\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://flemmix.monster/templates/flemmixnew/style/engine.css?v=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 04:25:52 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 66624\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 16 Sep 2025 06:03:13 GMT\r\netag: \"10440-68c8fda1-a7bcb3d9abe7d902;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 1820\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CgOoZ4vy2yWvSPdyFuYk757YG0YzDM1wDcI8QjhvZuScCVi0riYc2gqVcIZ1waHrX3bwDRz2heez3eE3i6qv30w1BdOdLrUSIDgv1Xs%3D\"}]}\r\ncf-ray: 9868b819a8f556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":66624,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 66624, version 4.262","md5":"db812d8a70a4e88e888744c1c9a27e89","sha1":"638c652d623280a58144f93e7b552c66d1667a11","sha256":"ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995","sha512":"17222f02957b3335849e3fe277b17c21c4aaf0c76cd3da01a4ca39c035629695d29645913865b78e097066492f9cee5618af5159560363d2723bed7c3b9cf2a8","ssdeep":"1536:P7P0ehdxE792JHJ2qrz+MoCpeUtsG9eDeh9Zw+ZyqJ:PPlYw1re8Lsqh7MqJ","tlshash":"ae5302303406ab26ecdf0e8776b888f2b4da91d37b5f22c753aa84115dc91d5d94ca3e","first_seen":"2023-04-05T13:28:44Z","last_seen":"2026-04-25T15:42:28.409304Z","times_seen":27278,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"flemmix.monster","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}