{"report_id":"9fe95ac3-1496-4dc7-a34d-ffa396d9bfd8","version":6,"status":"done","tags":[],"date":"2025-10-02T22:03:29Z","url":{"schema":"http","addr":"naruto.su/link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo/","fqdn":"naruto.su","domain":"naruto.su","tld":"su"},"ip":{"addr":"79.133.182.51","port":0,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"title":"The most popular dating site this month"},"submit":{"url":{"schema":"http","addr":"naruto.su/link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo/","fqdn":"naruto.su","domain":"naruto.su","tld":"su"},"ip":{"addr":"79.133.182.51","port":0,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-06T22:03:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"unpkg.com","ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2025-09-28T22:13:25.076663Z","alert_count":0,"request_count":1,"received_data":29245,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-28T22:11:39.889585Z","alert_count":0,"request_count":1,"received_data":2242,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-28T22:11:46.369912Z","alert_count":0,"request_count":1,"received_data":24414,"sent_data":536,"comment":"","tags":null,"fingerprints":null},{"fqdn":"naruto.su","ip":{"addr":"79.133.182.51","port":443,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"domain_registered":"2017-12-12","domain_rank":1457475,"first_seen":"2018-12-25T17:12:32Z","last_seen":"2025-09-29T20:29:40.509365Z","alert_count":0,"request_count":1,"received_data":2220,"sent_data":528,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.26.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"tdzebli.com","ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"domain_registered":"2025-08-13","domain_rank":0,"first_seen":"2025-08-13T21:10:41.256815Z","last_seen":"2025-09-29T01:00:26.688791Z","alert_count":4,"request_count":2,"received_data":2633,"sent_data":913,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"openfpcdn.io","ip":{"addr":"108.157.229.105","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-11-10","domain_rank":9255,"first_seen":"2021-11-11T13:02:44Z","last_seen":"2025-09-28T22:54:44.384637Z","alert_count":0,"request_count":1,"received_data":15896,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"befjajh.flirtosmart.com","ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2024-12-30T18:10:51.158169Z","last_seen":"2025-09-30T16:19:49.405285Z","alert_count":28,"request_count":7,"received_data":395901,"sent_data":3389,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/js/js.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"e46de74d1bdfda878c542f3eafd6430f","sha1":"04174b7fcb23a76f5fe923e2e565a81652569402","sha256":"54bad1d3ee7350421b67a4fdfd7f5e16e0fae60748ad0308ba0b78f745c50595","sha512":"b4229c502997fbea62bce47000ebe10aa9bcbb35693b2a9a0ef1fe0e4a9599edd837814d62b03dffcea2b15044b0ba85568218ef0e882d81085abfe001c9db13","ssdeep":"","tlshash":"e2c08c2cf3fc896200bf70ad0827c84c15322441364b2b01c0ac16102ea951c3666a52","size":151,"data":"","first_seen":"2023-08-06T21:26:39Z","last_seen":"2026-05-13T12:34:59.258964Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"da27349e5e5b86a5cf58f3c569fbd1a3","sha1":"c53a1d92033e51344bdbb8cb4ef4e2d00df4026e","sha256":"205e5b4bfa733662ac66749d3c176e173474dc44c25c0804594b2e0f7ef77f70","sha512":"622d5b3040547f3ccbdde68272d0c3948e0e8cb192cbe9fddfd4a987d26fe508837fa72c5d61c44660f8036f47a028be1acbecfaef3e1e94527c8e2fb0a88dbd","ssdeep":"","tlshash":"70817defb7901012492a420fc7fd0cbcea18ce24b2b4246c46619267cb5d52222677f9","size":3951,"data":"","first_seen":"2025-10-02T22:03:31.27792Z","last_seen":"2025-10-02T22:03:31.27792Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"e7d6b85edb141824af8951e19333337c","sha1":"76600b2cb1978ca24d9fe39b1412f052da855ddb","sha256":"6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e","sha512":"caeece2e9f68aeb3ae0f077644afc417304c4c867674e779cc0acaa30e372ccf7cd42080fea47f986508082f15f7dfca6071def8dc77206af61167220c34c686","ssdeep":"384:JUr/AGPMPeRBiJRBxdMCD6AvSEzZMOC51MACXvAbXIORv1QpjXuBsb6ec3x7ZonL:JqAPbBRvB3ACfaYOTQpz0eEdAL","tlshash":"bed23a4d30df343a03a266d5212fe508b5795ec4700d4440eaba9a943df4eab627ffe9","size":30685,"data":"","first_seen":"2023-03-07T01:14:35Z","last_seen":"2026-06-02T09:02:49.942196Z","times_seen":8054,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/botd/v1","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"108.157.229.105","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"234a8c1c15df9b03c65e9e14c82fc872","sha1":"e5ca36727846aede7dfbc07e88b2b025eb0cae90","sha256":"29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89","sha512":"9aeee4e620de49e0ed303917e9afc1806da0815896bc5feef3add9f89e0429678bfe0d9f0ad3fc940bd8e48f7e235e5c8d23463407c42b6fbc740b50c43a0b53","ssdeep":"384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA","tlshash":"bd62a4cef996b07553bb34a1503f2206b2362655745e84a0cf2bc2c16879e5ac23bf6d","size":15196,"data":"","first_seen":"2024-04-04T09:37:24Z","last_seen":"2026-06-03T10:45:07.265285Z","times_seen":13443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"0cfd65ff49922840ca64af529f37ee95","sha1":"bfd94eb90d17c39597248dede47c83ba4e2ced72","sha256":"55ec1f09294dff1b44d52e326535f06024025ca63bb6fe48882a126421298a15","sha512":"5aef95c803a1c71d52a841eeedb3125377d7fe1cc918c1509056d6cb79d3971e34fabef2ff6fb13e90010158c847a5f9fd6a7274b0a2426094701fe9dfcb7f59","ssdeep":"192:5pj5FsCEQ0p7/OorR2X1Yiubp7A9M1TKXjyLNLwzTLWI:zHupIYiubp09Md9M","tlshash":"e7e1dc9924f2616509bb70bc9fdf9224317a541f24899a10bc5c07d4afacd7ca3b0fe8","size":7438,"data":"","first_seen":"2025-10-01T14:30:08.801322Z","last_seen":"2025-10-21T10:02:02.639533Z","times_seen":826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/js/jquery-3.2.1.min.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","size":86659,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-03T17:51:06.323438Z","times_seen":92323,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"149056fccb5063e0260d8fb1f9e14966","sha1":"46cab50b3ca932a0ddaec7140a583f4d9a5ed11e","sha256":"a6e396bf650118b365fa4d73f3669a524d18f2af0905a8b36701d50c477967f8","sha512":"0c01b1d7121e9ba3d5d3b151b82e23cacac0b64ef34ebe757033e7b2d5f95cab8a96112dce0903d491ce07788567735cb70896478d373e9049ca4d06c35e2603","ssdeep":"","tlshash":"03d08069476505700d33f57d030ee74131fb90571144cd56b5ec01441f4074981f41d0","size":268,"data":"","first_seen":"2025-09-30T17:44:21.39311Z","last_seen":"2026-06-03T00:23:28.909619Z","times_seen":5180,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/just-validate@4.1.0/dist/just-validate.production.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"713352ee6a16034c696a6e2785b92280","sha1":"6289cf9b1f0e775ad3feb36b0fcfe5af301a0e5b","sha256":"c08b11b232cea03b467d40d5b0990d7deaee04ae1de7af2d4eb94c3544b4c1a5","sha512":"8c42085cda5010ff9eb71174f3f5af3f94f276ab1b134241ed70cd37b3c8d7b8efc7a0899e964be8cef88474da2bee314158b86e45a64ecc0294f8dd628de2fa","ssdeep":"768:VkW++Jv/0btODUsl7dMrXfSCiwgRgpZ1UuVvw1CByfDwty0HD/h7PCByCrCagSZi:mCsRXaCiwgRgysnY3gSK6U","tlshash":"0ad2d606267109234dd94ae9e08b9543b3d1375da518a4ccf73dacfb9a8dec630937b2","size":28389,"data":"","first_seen":"2025-09-05T11:13:19.031002Z","last_seen":"2026-06-03T16:20:54.432823Z","times_seen":8682,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"41d3ca5bc39fdba48b5e6c0db52c7e1a","sha1":"3a20a6949e1fe331ba65a7be90cff19e72ea4267","sha256":"262d4d16bbaddf27125175b4096ed1f82fee2e6010b3749626749d7b6193ecb7","sha512":"d3e5454f541945870b5d8da97802533f6fd4afaac276de39eb0293d7901e6f86bfcd470ac9c8b719f85c012600d542b126e8fb6ec16776e7d4e8e284178c36bf","ssdeep":"","tlshash":"9d21cb5d6091707435f7b0b6aa1e62503133028f202facd2b9dc3305af39e0e0b83b41","size":1225,"data":"","first_seen":"2025-07-05T17:30:26.75814Z","last_seen":"2026-03-23T22:03:17.435522Z","times_seen":3562,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tdzebli.com/1/#s9_Sulo/","fqdn":"tdzebli.com","domain":"tdzebli.com","tld":"com"},"ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"081c57654359c9e98068f585d63f6f32","sha1":"daa034a3062372016572618110ae892e9ba48dac","sha256":"51d0aca0b92ffaf13ee49cad5f8dd0bda4352a93fbe614ab6b7c98cbe0ecaf6a","sha512":"26519650edf17286aae37d3228a06e5763fb338213e8062a76a3821b3ca0d113a817fc31418294609864e67ea5fcca03247151c52868fae66dfe29a513e86cd4","ssdeep":"","tlshash":"38211c671897002e2f93005e3b6fb6ab70a264272449f409b0ae8f2d1fd0e21e4b35dc","size":1243,"data":"","first_seen":"2025-08-26T14:55:44.85854Z","last_seen":"2025-10-15T18:50:56.022624Z","times_seen":2250,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"naruto.su/link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo/","fqdn":"naruto.su","domain":"naruto.su","tld":"su"},"ip":{"addr":"79.133.182.51","port":443,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T22:03:03.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"naruto.su","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 Aug 2025 23:39:39 GMT","end":"Tue, 04 Nov 2025 23:39:38 GMT"},"fingerprint":{"sha1":"A0:3D:C5:ED:04:64:AD:E4:D7:46:A1:F0:E6:9B:8A:37:BE:CA:50:36","sha256":"6F:E0:09:27:B4:38:73:03:84:7C:F7:2C:86:07:BB:18:C1:C9:3F:7D:77:E0:4E:5F:3D:EB:50:9E:80:BC:7B:B0"}}},"request":{"raw":"GET /link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo/ HTTP/1.1\r\nHost: naruto.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.26.0\r\nDate: Thu, 02 Oct 2025 22:03:03 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.4.33\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=31536000\r\nSet-Cookie: DCMS_SESSION=42c8e37a40a7414baa853252f91c32e1; path=/\r\nLocation: https://tdzebli.com/1/#s9_Sulo/\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.26.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1756,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T17:55:46.471571Z","times_seen":16085743,"resource_available":true,"data":null}},"time_used":293,"timings":{"blocked":94,"dns":0,"connect":30,"send":0,"wait":105,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tdzebli.com/1/#s9_Sulo/","fqdn":"tdzebli.com","domain":"tdzebli.com","tld":"com"},"ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T22:03:03.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tdzebli.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 13 Aug 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6B:CF:51:C0:07:A6:AB:B1:31:F3:75:5C:9E:6C:A2:90:7E:9C:BB:DD","sha256":"FC:CA:17:A5:17:E6:93:7B:E9:36:BD:D2:95:00:67:38:12:F3:92:28:5A:4E:21:4C:78:B4:08:37:F0:13:0F:FB"}}},"request":{"raw":"GET /1/ HTTP/1.1\r\nHost: tdzebli.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 02 Oct 2025 22:03:03 GMT\r\nServer: Apache/2\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nLast-Modified: Tue, 26 Aug 2025 14:41:22 GMT\r\nETag: \"6dc-63d45aa738880-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding,User-Agent\r\nContent-Encoding: gzip\r\nContent-Length: 701\r\nKeep-Alive: timeout=2, max=100\r\nContent-Type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1756,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9e59d2085fbd522816ad5070068cdd43","sha1":"1ba814b9d1fdd9a50851cb776bf7b11d1a12d660","sha256":"e8ce51106238701772193096dc28a411356eb152398117fc3a00e56adfa49569","sha512":"6d9ec1064d89a4d1b1129b067a260466cbd2cf8b6d028bf276629456527e5df48a2a45867835ea6fea4ab4edb947fb704c683246b7eeda12a824f48814ffcc08","ssdeep":"","tlshash":"7531535789c9045b6a730139f7b1f3a7f4a225231681f118b09dab3a1ff0e40d863ac8","first_seen":"2025-08-26T14:55:44.850355Z","last_seen":"2025-10-15T18:50:55.962421Z","times_seen":2250,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":140,"dns":0,"connect":45,"send":0,"wait":45,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/botd/v1","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"108.157.229.105","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tdzebli.com/1/#s9_Sulo/","date":"2025-10-02T22:03:03.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openfpcdn.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 27 Nov 2024 00:00:00 GMT","end":"Sat, 27 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"DB:8B:1E:08:FC:EE:6F:56:28:0B:74:80:37:E0:DE:69:D3:59:96:8D","sha256":"C1:3F:58:99:2C:D2:A0:B9:C0:DA:6D:01:AE:FD:93:AB:09:79:09:0C:A8:0B:EB:21:23:E9:A8:78:90:96:EE:55"}}},"request":{"raw":"GET /botd/v1 HTTP/1.1\r\nHost: openfpcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tdzebli.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tdzebli.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: CloudFront\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ndate: Thu, 02 Oct 2025 19:34:04 GMT\r\ncache-control: public, max-age=613838, s-maxage=10329\r\netag: W/\"5co2cnhGrt59+8B+iLKwJesMrpA\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 36510edbc7ba8916907c18e15b00f64c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: RyO2IHvrBbw4bYtTB7Qc3lfpU4JkajBj6fwQxh_o3XHgRP8WDVqc6g==\r\nage: 8939\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15196,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (15005)","md5":"234a8c1c15df9b03c65e9e14c82fc872","sha1":"e5ca36727846aede7dfbc07e88b2b025eb0cae90","sha256":"29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89","sha512":"9aeee4e620de49e0ed303917e9afc1806da0815896bc5feef3add9f89e0429678bfe0d9f0ad3fc940bd8e48f7e235e5c8d23463407c42b6fbc740b50c43a0b53","ssdeep":"384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA","tlshash":"bd62a4cef996b07553bb34a1503f2206b2362655745e84a0cf2bc2c16879e5ac23bf6d","first_seen":"2024-04-04T09:37:24Z","last_seen":"2026-06-03T10:45:07.265285Z","times_seen":13443,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":20,"dns":0,"connect":8,"send":0,"wait":9,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tdzebli.com/favicon.ico","fqdn":"tdzebli.com","domain":"tdzebli.com","tld":"com"},"ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tdzebli.com/1/#s9_Sulo/","date":"2025-10-02T22:03:03.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tdzebli.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 13 Aug 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6B:CF:51:C0:07:A6:AB:B1:31:F3:75:5C:9E:6C:A2:90:7E:9C:BB:DD","sha256":"FC:CA:17:A5:17:E6:93:7B:E9:36:BD:D2:95:00:67:38:12:F3:92:28:5A:4E:21:4C:78:B4:08:37:F0:13:0F:FB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tdzebli.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tdzebli.com/1/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 02 Oct 2025 22:03:04 GMT\r\nServer: Apache/2\r\nContent-Length: 315\r\nKeep-Alive: timeout=2, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server:2","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-06-03T16:36:14.405944Z","times_seen":145751,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/js/js.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/44/assets/js/js.js HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":151,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"e46de74d1bdfda878c542f3eafd6430f","sha1":"04174b7fcb23a76f5fe923e2e565a81652569402","sha256":"54bad1d3ee7350421b67a4fdfd7f5e16e0fae60748ad0308ba0b78f745c50595","sha512":"b4229c502997fbea62bce47000ebe10aa9bcbb35693b2a9a0ef1fe0e4a9599edd837814d62b03dffcea2b15044b0ba85568218ef0e882d81085abfe001c9db13","ssdeep":"","tlshash":"e2c08c2cf3fc896200bf70ad0827c84c15322441364b2b01c0ac16102ea951c3666a52","first_seen":"2023-08-06T21:26:39Z","last_seen":"2026-05-13T12:34:59.258964Z","times_seen":80,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/js/jquery-3.2.1.min.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/44/assets/js/jquery-3.2.1.min.js HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86659,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32058)","md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-03T17:51:06.323438Z","times_seen":92323,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/just-validate@4.1.0/dist/just-validate.production.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 10:31:15 GMT","end":"Sun, 23 Nov 2025 11:31:12 GMT"},"fingerprint":{"sha1":"77:EF:87:8D:9A:D6:8C:EF:F9:8F:05:89:BF:F2:6B:C2:CF:78:19:EF","sha256":"3C:23:A9:CF:90:2C:6B:74:27:D0:FC:3B:92:A8:A9:AD:66:5F:B0:D4:DE:28:80:4D:49:D0:4C:22:AE:D2:F3:90"}}},"request":{"raw":"GET /just-validate@4.1.0/dist/just-validate.production.min.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-encoding: gzip\r\ncf-ray: 98877cdda818712d-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 575729\r\ncache-control: public, max-age=31536000\r\nexpires: Fri, 02 Oct 2026 22:03:05 GMT\r\nlast-modified: Thu, 04 Sep 2025 18:07:59 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncontent-digest: sha256=:wIsRsjLOoDtGfUDVsJkNferuBK4d568tTrlMNUS0waU=:\r\ncross-origin-resource-policy: cross-origin\r\nfly-request-id: 01K4AYKYJ8CZHGB7GS0VB37ANW-fra\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}],"data":{"size":28389,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (28388)","md5":"713352ee6a16034c696a6e2785b92280","sha1":"6289cf9b1f0e775ad3feb36b0fcfe5af301a0e5b","sha256":"c08b11b232cea03b467d40d5b0990d7deaee04ae1de7af2d4eb94c3544b4c1a5","sha512":"8c42085cda5010ff9eb71174f3f5af3f94f276ab1b134241ed70cd37b3c8d7b8efc7a0899e964be8cef88474da2bee314158b86e45a64ecc0294f8dd628de2fa","ssdeep":"768:VkW++Jv/0btODUsl7dMrXfSCiwgRgpZ1UuVvw1CByfDwty0HD/h7PCByCrCagSZi:mCsRXaCiwgRgysnY3gSK6U","tlshash":"0ad2d606267109234dd94ae9e08b9543b3d1375da518a4ccf73dacfb9a8dec630937b2","first_seen":"2025-09-05T11:13:19.031002Z","last_seen":"2026-06-03T16:20:54.432823Z","times_seen":8682,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":11,"dns":4,"connect":2,"send":0,"wait":21,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/favicon.ico","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15406\r\nlast-modified: Fri, 25 Apr 2025 12:01:11 GMT\r\netag: \"680b7987-3c2e\"\r\nexpires: Thu, 09 Oct 2025 22:03:05 GMT\r\ncache-control: max-age=604800, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"3dee16bbbc5f6765d0f7f5af5b0a854d","sha1":"6df4c718df2c6e96be91c7f7c6b96ec0a9f085cd","sha256":"77b36f6189bd94a6b360681983a60bfe4c3f33f2e1746a08b1520777e378212d","sha512":"74893d14b6b9c16c3f7e0c1c59af33f63b4326a59d81df6c3a79eae78a879dc8765bd13d396693a86096efe8402b5ce81344110c6c613e0e5ecb05d42ed16df2","ssdeep":"96:nvy3aVUX8WgWuao80oyAWyN6Q9qkNXC2v:6+mTGaV05Fy19PV3v","tlshash":"156230b6840131b8ecadb1758336956e60b79c546ce2754fe23839344f72e42fb6e60a","first_seen":"2025-04-07T11:27:09.63149Z","last_seen":"2026-06-03T09:25:56.795399Z","times_seen":4902,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T22:03:05.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /s/42cf1c2250951 HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nset-cookie: s=fZIoH31AFVJ6nzRDjS68m0LBVT%2Bwk3ef1Bdkd74neOe3QZI3Hq1aHr7AJaaWTsYpkkE%2FixS66NDxPVfyorsGWSB%2BNvSRHptb9xe4T6R7DU3l5%2BQqPJrbdS7dL%2FquKQF4z%2BDDKDraxjthPyPDEsf0BR34ZZG20TpUzVWcZ3Larb4MR1it7GvcoAT0ItDyx9qRtpo4yJvmyq%2BhkWAo3dHToUt4ZJ2uZ4LzQptz%2BY3eqApPMm2i1dg32D8Y4AWMzMbxlX7gKSndJG8L6wGaignMkEVC%2B%2BJJ1W6ljWoi6e%2F%2B01I1mJlmib5H6DdERZOe1eYN7Iq%2FVddhqULpkuwP5Nt0hDdPtRa61FbF0TqMlYTel0sp2s%2BB3gU%2BNsPmx3raQ4zvE1U2rgne2xHTI%2FIdoKfOTCfRD%2FdK0IaJz%2FzMk532NdkNfxpSwCJxcOkEnuqlG1q%2ByzQRubof5LMQ69RSED4a0aHZzw7l8lZ4OsxJTCScRpxamg6bLqbuWGdoxrX%2BoST%2FOvMJAups6AI4WrT%2B3z%2BFdri9FiNdd1OPYxz9B6bg%2FeFeqfKpt57cB2ubaXy6Vj9vIc4Xud6UVFCntfFpMn4mJWgaxdqL3zm5cwWSrV1LfHGYvVmKF3TtwYvhivyLxRXzAngdIXSRc7vnHDkYkVOgDobV39R4wiBx%2FfKAOoXp4f2h%2Fv3zLYBzldkUnrZSXibR6ooFdHxU3Qqd%2FaC0Y0%2BouDvCAfn8LJixGVIcm%2BUAQI64VShh3ldO%2FFfNdg%2BidOO7O%2Bk4dysL0eSVhD0g7HqKvarnIeQMWMRCaGYyT8U9KKwbBKW6pyWi5NCZalRPwAhPopw%2FNgD1fKPDZhOxGtdfa2M5LTOib2waqW%2BS8sx2T3BGK%2BYYNs1tierkxRYD0ykRnORdzwcn5fTtPeoRbdDFm%2Br80KUcZMjGQNgISc24nnq7%2FTnIQllyepxbv8vlPgU5g7wfDPwCfe90gMts5%2FtMg7vTOMtqfFmuMXXa8lG%2FaHswXM6ZoeXYsCYblxd2pFGjsrIYoawrrlIW%2BMPvBZiM3vK2cyZqU%2BsusWvu2zeTSzyUodmuV4xvOaE0fyXyyBE1j2%2BdQVdEA%2FBr8ZGiyExijX%2BQlmuFgGO%2Boq2X%2BmwjIreT5TUkg9IepuQlBLnlNpo6iTdEixfwLtX6KMxMcK%2BOuErmj3%2FIT2K9CPCxfASwbCeu4BF5mrnIMTPG7CZ4QA4bLXlRLto53YJvZwilkSG0nsFDJ9LGfx58MxbH69MBCwP4y51fbQUIo%2BajDr%2FUzR84boyvpahlIIGZvmwlNVQ%2B9xJ%2BmITIXMQnHOOYVsALQcUfaYq1H02%2BPaLqzBgR9xtfAJP9nOPHl5ZkDSZj2MwZmYGb4ZdaPl%2BbDoqH3ERtGjv3DIzBikMWklQ6M73v9fjxXZ10jPSRN%2F1vE8F6pbwIQE1z9vPPnQEe%2FRn7MUIPLvLSP%2F4LsMuPdDoobvh4bvmD55MYBiHiw6iBjIdSTqIAmPyPSvIt%2FTdlIekdgk5lgW8npbBI62oyLssxZ9oujA0K%2Bf9eKmdJP3s6Uv8Q%2F105Xj1a56Mrhdch%2Bv7fiDwBHRAoFfioLrfrKQjbDms4czed%2BJlH50sWJQDw36YtGlqCr0mWi0w%2BIuh8QA0dzsZCVSgkkUXfAySj3cC7005uzeTdN5tDEJMpJwr5ozGgyOLKl9SQXnpSDxtht70788EzdpwvrGGITmvyEXRTc%2FvyXoYquyHi4DUqboKMFFfp233hOgPmzXfD%2BTUz%2Fa57KKvNoFKAb0uQnKCDLZilqREk43BGRiY7zUweTpTUfiQ64SJGhqL5VnctGQrUA4SrgCn45aS5ECLO7TA8xOJHH20K0oj5%2BJPnTg1YZ4qrsyjBkMMI76WgZt4Ja%2FVyaO%2BdhberTu39pMHiA4p6lBq9h2M9XlRraNvyP%2FwLh2YotKPFI91nLPmUYWv21VVLHlL64FPrAq%2Fafojke8CNv6p4CKTbvFsIiRk5mkT1u5ItQ0%2BYCgnU0SYiCsY8xfvMWK3umFdXnBkWjMzkmIYMJ6K0PWH9DWPK6o1jTpwRqTWozwoV8s%2FBcxXGBCiqozc%2BF%2FfvGtdXbEceDJnYFcR%2B6CC7qhTVR0gxiGPKF7HFCaAkaQTLeK2YcKihHmqcZaRP5VP%2B5SX5Rt6fgjd2GBZ8xKrbTLUw13Id9lrKK2vdjJbVxAOeyPMhAKzpLyPQ91FbpE5%2FPTAC6vkJGDvPkKBNWkhuZQi5P3LmpaSb4rnZt8exhUyBcFxR%2FYxUqH8z4PJWxRQV7VjzddWw7%2FvCU8M1DWGNE0YBjKbTtMhxnPzREF73pLimMjfTPIby5j15Qgi%2BxBlfO%2FYZ2OjYQHiqo7wHims2xaNKzp%2B51e8r1jJNvLN8ISohVV%2F8LSeSv%2BXbdqqOEI3lUVJi90zkxh%2BwRHaDhLaS472YCHgD%2BgnJgJl5UL7G%2BhwAw1jyAMRtnQJtpf9swa84H8arpp0N0l6b3fS98np0XotOQIRsxzesipvRHhIdTa7fwHpfxgxI5arSft%2BG9u397d%2BXudIhNt0h8j5XXiLxnMoZDwZ%2BWuXQ3f5BvgMermaYr2wQqXNxBXSUUxuPomS%2BXH6MNEhfbYp0lA5s4nmWuKi3Oty6d%2B5PNL5Ag50XFw4UBRMxCr%2FRyGYu8JCC119vksCzNa%2Fg725Pq7WdFOHxJqZuZ9qsR%2Bh4AoHLuGDW6AZxbcDqwU28ZeZksXwpzrJR3Wksl%2B1lkcXEPiQf2mCdEm8YyqWTOAVHF%2F8KtxX%2BR50JzWOhMg4l7PSl7EuSD%2Bi9PjIfrSiUyhklZnwD%2F%2BG5IKg78qjFvK61B0nUOWiSGxIcbv4CdLszLQ2e1WoMkqEF3FdudAgyoWbMflbsAr1sbAtspD8bMplIZEQAV2plnEmRd9v1BOaN8PZGNX06vb5vkcovRImGUskAedMrfE%2ByB51CmIHyOrdBidjHbBVspNyu7ColZNlvNOMig3%2B2dTBc7dZN2VHqXjoJb9JTdJbmZazfIvGJetMUQ3CkmEdR2GzX%2Fb4B6ezEMoGH03MTBZ2e1RhjPwnW8LhVRr9WGw22iGfhLr%2B37QM1bDwa%2FGAg61Kfx7nbh1QZznHt6dW3UyalNEXGNpnT%2B7Y71s1GAwOWMj8lFHo%2FPyrAnc8H1AhdtPSh3Wl0VWg3MD9O5kC6s1wSVUVQwH3i%2BNeuE5H090Y9j2AuWzlgfTnU5tSqi%2FX7X%2F%2FGHJFYDZA9V%2BdG85KT18xRtExb%2BjGCof%2BjtLJcrUmlv5l23hw7dqe6fp034VUrLojDb%2BNJ5KCGduWRhDF3Mj1jfz5xQjw2x6awMJjMIobcuFvH2oKnBjuFL%2BT2TnmEoZ1vY8ujlplbmfrcpjHjZMFZzZ%2FgOKnSuP0VPORgHALt1AYuDi6Cdmcj58TFTw4zUxIxaiERlPvyLHJ2PmYAtQnlmdnNceVc8COfEsJ2J21rGxGgsbuASSdnKhhs5UlgxAxDPPQFoedrJKVLVSGHpr0gjh38v8U0Gu4guCKR76AZfBBit5gTQEUWlrPk5o8wmLJUVj9oYYGH3ZGNB7WDYnPM1uOK5lKSiQEq3LqLfur%2FQDX7MWDY%2BZskNvU837HkkqeTfaVJJ6iHojtV7yhT3wRtVQRrgF6nnyAn%2BdcLjb0izBp7IV2r3jEjYHGcuCJbRoute%2B9BDX8b7%2FSj2d5efqcn7rrFmhwSmjzlnHo5n9%2Biexpr9XaTBMfr00JvlwIlnFb5%2BBqG%2B2Ah8vtYQn7RGtY7ozHi3FlHwvuptRfns5RGqN4GEyM8U5FRZqEkIf26RxLrRbH1YRXzEGENgZQPYkBohb1Wqbc82WmyiPhw35tT2zIk5lvi7SP7XzI1zeE0yFoxINpqyVxCZimEnBojinyDDs7I9vmEBA%3D%3D; expires=Fri, 03 Oct 2025 22:03:05 GMT; Max-Age=86400; path=/; domain=flirtosmart.com; secure; SameSite=none\r\ncache-control: must-revalidate, no-cache, no-store, private\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":47539,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (30569)","md5":"38b9a95b7aaeb65b977d0c9555d57cb0","sha1":"32fde448b53945ea573954d79d49ce4aebbf27b0","sha256":"28aeb0681fbe285dc2cc8dfff5ae2cefc0e35a6ccdf70fb9b334a32f2c18c11f","sha512":"3d2cf02c0f28c793fde73ed3eea80dc18e7294b7b5f4f16911e204f81934d72a87d2c4a87ed2f0a96558d36ffab530821c32e0f978b6e9936892d5fb34380e0e","ssdeep":"768:RsgnSMdqAPbBRvB3ACfaYOTQpz0eEdAQHupIGbpn1J/Pw:nnPVRvB3ACfaYT0eEBHuN4","tlshash":"f0232a4d31de353a02a322d9266fe108707e4d57700d4840fabf56942fe4e6a627bfe9","first_seen":"2025-10-02T22:03:31.273568Z","last_seen":"2025-10-02T22:03:31.273568Z","times_seen":1,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":76,"dns":7,"connect":32,"send":0,"wait":63,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/css/style.css","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/44/assets/css/style.css HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5646,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (5575)","md5":"e155b0fbc0c8e1a6cac6ce6f13b8e951","sha1":"9f0374f0fc14ec8a258f33c58a12b7ec46cc4b0d","sha256":"2c0b9e72365350d9f58bd8aabcb877f35a5f5e2500916eeef340a3955543dadb","sha512":"1ac22d05cf6abbd6d705160df884375a1e464e264f52f78076c301ae879c2e78172cee66ce179242bb05085e8ce1347f935c1a810b2d1dc7e48730cb969d5f84","ssdeep":"96:nMbtWglgDUeJAE2lLVRlJKgcuf8dRlYwQIhJkSo4b:n6WgQEGgcI8dRlYwQ2s4b","tlshash":"12c18472e605207db537caa9f5d06bdd221cc103d9170ffde965b9a0cfad0aa2072786","first_seen":"2023-08-06T21:26:39Z","last_seen":"2026-05-13T12:34:59.247235Z","times_seen":78,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Lato:400,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.138","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css?family=Lato:400,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 02 Oct 2025 22:03:05 GMT\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1556,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"fb11803945991f23c6f306b6943b1012","sha1":"fed43f9f939246591860130c7cbfb84ce282614e","sha256":"3f7a1dddeb3c904b5573a2f03f3dbeb9ed69bb8cd30e4917f9f1e422ee51e0bc","sha512":"249034099f738fe88da46e5ee62dc04c4a1f368c26986abcaee477b53aeaa52e6b46573eae2b9b17ca5430a6b5c85573a27af7ff72eba2430e373ab7ab98f0ef","ssdeep":"","tlshash":"9431bd91096fb508db830cc212c97d32ef0f625064499831aeff14d8bca7c699362b0d","first_seen":"2025-09-17T01:18:38.016711Z","last_seen":"2026-06-03T17:25:31.343086Z","times_seen":4788,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":56,"dns":0,"connect":8,"send":0,"wait":21,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/lato/v25/S6uyw4BMUTPHjx4wXg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/lato/v25/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://befjajh.flirtosmart.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 23580\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:57:51 GMT\r\nexpires: Fri, 02 Oct 2026 12:57:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 32714\r\nlast-modified: Mon, 15 Sep 2025 17:09:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23580,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23580, version 1.0","md5":"e1b3b5908c9cf23dfb2b9c52b9a023ab","sha1":"fcd4136085f2a03481d9958cc6793a5ed98e714c","sha256":"918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537","sha512":"b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828","ssdeep":"384:dRkIAJ8pVwWTW5VVjdVn8+2yvAMdriCEOY0kfW9GkAPqpPHi2vUuUSzB8:dKIAJ8pVHTZ+riY9oCpPHiodUeK","tlshash":"91b2e1ce5d546e3a8028213785c17b488273572e9edf42c6dd83a6263a7092cfd3d96e","first_seen":"2023-04-05T13:28:45Z","last_seen":"2026-06-03T17:57:31.381925Z","times_seen":228822,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":51,"dns":0,"connect":8,"send":0,"wait":9,"receive":7,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/img/bg.jpg","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/44/assets/img/bg.jpg HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/bundle/44/assets/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: image/jpeg\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":201964,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"8d4702e68d0a5be687984f1e51dd9fc4","sha1":"ea7f36e3efb63f6d8c005cb599059d52e3009622","sha256":"780f083aca765f3ccf0aabf16263a794051aaaf73fa074efb469c8bec61643db","sha512":"f04e3c4a258ad90c3c51cb57f6d1a542924dd01d207209911c39af566e423c17b7aa502bb9432e40da1e87e6dc418a3a2f3f3719d276b5a819a00a6334e28d6a","ssdeep":"3072:L69MJuFBm899tTv6owzzdJ6uphLcYEywOk0MmHdHutxGhriMGIBqb3FBHsN8Zq:L6YIBvl6owvdsiEb26MTsBHw0q","tlshash":"fb1412337796ca7b540fb6f19af99103ee80be43bee0dab55090c72491c4498ce096b7","first_seen":"2023-08-06T21:26:39Z","last_seen":"2026-05-13T12:34:59.262791Z","times_seen":80,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/44/assets/img/u1.jpg","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T22:03:05.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/44/assets/img/u1.jpg HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/bundle/44/assets/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 22:03:05 GMT\r\ncontent-type: image/jpeg\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32612,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x667, components 3","md5":"5d1b17315ed808bd0f8d82ddfb28e590","sha1":"eb8d1da39d8a7c09d24609e79abf75478a4ffbd3","sha256":"884a7432cad6a5c960352e970a53f7c17a8208eced5f58c43f727f0bed806176","sha512":"2c42c59a9351cb67f74ba6b203b2ec52faaa93470c3ca9b8b352868852942211b594332abaaf4d42d9af323888d5e606773afd7ff0d8872b3377517cdc7abd30","ssdeep":"768:MikL03N+e7idZLgqyD1lBSqFdCJKvHqa644dlal/Pd4ntH0:B+03c3LgqyD1lMedCJK/qj4hN","tlshash":"fee2e0a2576b4d07c1e5e8fd261892b2a7bab49a8f2917243a073f040c247f47fc5f49","first_seen":"2023-08-06T21:26:39Z","last_seen":"2026-05-13T12:34:59.254652Z","times_seen":79,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}