{"report_id":"a02c2a47-43b3-4241-931b-3a01dfe4b4b1","version":6,"status":"done","tags":[],"date":"2025-11-06T18:31:43Z","url":{"schema":"http","addr":"usacommerx.top/details/angel-city-spa-ChIJ3R7","fqdn":"usacommerx.top","domain":"usacommerx.top","tld":"top"},"ip":{"addr":"104.21.73.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"businessesusa.com/details/angel-city-spa-ChIJ3R7","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"title":"(1) New Message!","dom":{"size":73616,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"bd79517bdd8e0765a742d96863187ab3","sha1":"ee201dba580aef3d41d99fb7b74c828d8bc0266f","sha256":"7e28d8a90f3fc6a1fc60eb402fb026f6a57f10c6862012744d2debc8d18ce75f","sha512":"b5652d54ae70083b098b7d7649c2e75b3c387a898407f1c66f04fb65cf19cc5798644412248b3c6e163d55067d205c1b0fca3ddd88cab4f50a73fde57dcbb342","ssdeep":"1536:mTW72JR0YpRpxitidbObgHuHHFlFzFPFUWBaePwy:jBYpRpxitidbObgHuHHFlFzFPFUWBRv","tlshash":"6473db5b6dd60540931a4269a3fe2b28271c4583185ffcf9b39614ca8f4967c62ff22f","dom_hash":"domhash0adcdf2fec7fa1791d7e37ce959be9ad","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"usacommerx.top/details/angel-city-spa-ChIJ3R7","fqdn":"usacommerx.top","domain":"usacommerx.top","tld":"top"},"ip":{"addr":"104.21.73.5","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-11T18:31:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":17}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"usacommerx.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"flexibleno.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"flexibleno.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"flexibleno.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"replit.com","ip":{"addr":"172.64.152.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-09-02","domain_rank":8181,"first_seen":"2015-09-15T20:45:19Z","last_seen":"2025-11-04T03:42:23.547379Z","alert_count":0,"request_count":1,"received_data":5542,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-11-03T07:36:01.787899Z","alert_count":1,"request_count":1,"received_data":2962,"sent_data":488,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"businessesusa.com","ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2025-09-10","domain_rank":0,"first_seen":"2025-09-14T09:54:51.400579Z","last_seen":"2025-10-11T20:08:11.044929Z","alert_count":0,"request_count":8,"received_data":614343,"sent_data":3781,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.74.93.226","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-11-02T22:44:08.106316Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":457,"comment":"","tags":null,"fingerprints":null},{"fqdn":"usacommerx.top","ip":{"addr":"104.21.73.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":4382,"sent_data":513,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-02T22:12:55.494707Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1104,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-11-02T23:40:50.378593Z","alert_count":56,"request_count":14,"received_data":232512,"sent_data":23714,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-02T22:12:57.589972Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flexibleno.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-09-01","domain_rank":0,"first_seen":"2025-09-03T15:00:14.107365Z","last_seen":"2025-10-31T08:33:25.238959Z","alert_count":3,"request_count":1,"received_data":47352,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-10-31T10:15:35.51402Z","alert_count":1,"request_count":1,"received_data":513,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-11-03T06:57:59.511805Z","alert_count":16,"request_count":8,"received_data":272876,"sent_data":3680,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"lh3.googleusercontent.com","ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":303,"first_seen":"2012-05-22T07:35:05Z","last_seen":"2025-11-02T23:09:28.157824Z","alert_count":0,"request_count":1,"received_data":62634,"sent_data":498,"comment":"","tags":null,"fingerprints":null},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-11-05T06:46:05.825611Z","alert_count":6,"request_count":2,"received_data":171926,"sent_data":830,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-11-05T13:40:38.009002Z","alert_count":2,"request_count":1,"received_data":377,"sent_data":420,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-11-02T23:00:15.027713Z","alert_count":0,"request_count":1,"received_data":65441,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"businessesusa.com/details/angel-city-spa-ChIJ3R7","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"29e920bbe29e2708f422094fc52291cd","sha1":"c007035d99a09804fcac557502d70bad512f1e92","sha256":"83fd7269cb19db176b15d636cb2930fc2c16eb2710acab10b46075f592da994f","sha512":"1840f2720fe736327efd53f866f7f4a31b8b1b70fc10f2325126a717c89ba9af8e32e79eb6e5f065222cc128d5cb01c949996c2cf643c05fbc6619249672dab0","ssdeep":"","tlshash":"59f020a63c894034c7b713763bb39154703a392f340ead65f55d68523fa4a7208ab91c","size":572,"data":"","first_seen":"2025-09-14T09:54:54.916555Z","last_seen":"2025-12-17T02:13:53.955622Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/assets/index--e4MNg4t.js","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4399f7c5c67cbf8f093532917e02c6e","sha1":"0f87f3af37c05234831eacd08d5f6b65a18e521b","sha256":"9730711cfaabc39493b3d4038c8ce35f1dd6123ea0d15a8ccd79746524a921f4","sha512":"f1a2414e14b049a8ad4fcdf55360e9d5894f616ee19f5595d880445ef1071ef668b5c36c019b0e6e21d9fab41a003b2369e37796f3638ee1f100d71e2f2bb37f","ssdeep":"6144:XQbSUHKI8ubyIdYT6BYkYBAugyVaKW33C2aksnSCpL:hUXK3kYBAuJJW33C2USy","tlshash":"48a43b58b051fbbdaeb709e2543f8029713e1b15e90e88a0f07ce8752774506b267bed","size":485063,"data":"","first_seen":"2025-09-14T09:54:54.90887Z","last_seen":"2025-11-23T06:20:47.114097Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/details/angel-city-spa-ChIJ3R7","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"be2ffd2eb8c555ed360df7335204ffc3","sha1":"fd41cb7bf005c8b18a774b571eba81cfe8ce4a01","sha256":"f0339f0f51dab156b1d815dc486b1d39141f46d6f56e67b71ef109c94071f4fb","sha512":"3021e6623a2843e9e0055027768fa7daf1f6818680281e0f9740d16534fbf95dc6ab7ba4dfda04a1fd6c8bb4403ff58f0c907c1714fe8e1399b44f87df05e132","ssdeep":"","tlshash":"68e08cfd108bb20060a3cc271aacb24452208d233c0d68353acc68285ffa59b44b1b79","size":328,"data":"","first_seen":"2025-09-14T09:54:54.917769Z","last_seen":"2025-11-23T06:20:47.135538Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/2c/16/00/2c160054c49acd38e63584b7eef26cf0.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fa7aedc30e692a7bc1e2dfad860e3844","sha1":"2ec8d6aa851dd61638d0b2c73304c67474d9fdd5","sha256":"4066d7df620a85498e96a46832c6281194d42d6391cfd9d3690121967f7e3cb0","sha512":"7196898042f7e92b4ddd9ef63f7d1020c246db54cc544fe103152eeaa16d78c6dd09d33e964bcb5ded2bcfb945c881173c0db51e0325a6f185cf496c70e32633","ssdeep":"1536:l7+8KD2HAUk06W7qx61GpQU8/M5XTSvFu081y736V8xefnFARscKv6RQc27YhOhs:d+HLT5Iab8xe9ARzXRR2khT","tlshash":"44b3b38dbf92f16d11675072223f9426f02e8d56658dc554e222f8bc2fa831be939f34","size":112078,"data":"","first_seen":"2025-11-06T18:31:50.8059Z","last_seen":"2025-11-09T12:51:21.262747Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"cad5145351007698df0248c66e3bd2cd","sha1":"cf458c9934f094c6326257f231391ca54a17c75c","sha256":"af9866d9baa2b29d3c8a9ec62374dd18e6c4843fee49816f193a73288eae43ad","sha512":"3ad6fcc6c1995992d2573bfa84a2bf095797c3ce1612d79839fdcacac287001327ed30250f146337340c47c026c829312a78243e7b15dec0a794c2b13b8eb0b9","ssdeep":"192:FfY2LlcrcYmJsJsVan1oJJpvOHMk0Tw3f5czhGEhN70oz0EhnA3YED8iDehT6J:FfY2LVksVanyYH4TARCN7DRW3YEPb","tlshash":"8252714418bddd64c548a12e307e2266f72809639c76bbd8bb8a4104afce82f797513f","size":14323,"data":"","first_seen":"2025-11-03T08:00:03.657569Z","last_seen":"2025-11-06T18:31:50.814483Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"replit.com/public/js/replit-dev-banner.js","fqdn":"replit.com","domain":"replit.com","tld":"com"},"ip":{"addr":"172.64.152.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c875bf85285edf319e9e397815735aaf","sha1":"55f747a372d2489b55498e57607ce29c83f6658a","sha256":"942804fdb82941761ddd48d9eb3a40fecadbecdddfa8d7a677f384eaf0c2cb0b","sha512":"c2ebbd750e6e1ceeba2f1f6acee522bd04682d2512ee6606f6f9c62f021301b5b862a7d472d10149a2d4cdc83936ed90130a70f7157dc55df70d656cfb74ccf5","ssdeep":"96:TZ5Fz5FH59dJuv5GGO4jw2y+ZL5P7buUyDSoyqeUoW/cle:Nfb7dJW7w2yolP7buUyDSoN3/cle","tlshash":"3091856a6f731235952390ec5b8ba3412338b00be10acd597aad824cdfed614e9637cc","size":4625,"data":"","first_seen":"2025-06-09T21:55:51.282265Z","last_seen":"2025-12-18T21:30:20.542242Z","times_seen":755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/11/a5/76/11a5763e8ad61a51c9f2d702688af48b.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e2213ef7a0a00c2600382a7ac46b372","sha1":"5bd4accf8f4439bad5aed380ddb0112c9d86cbcd","sha256":"e72a3d5320f14169d0757ebcfd5e715f8e4a2f5a8c084b136c90ae80303e9a55","sha512":"cab1e5ff0a49b01fe0acda320d33b8de0fa7fbd56285a05953afc3cf09ae747e7bb5a8318bf1e3e181b71836cf6c3d57199a7618d668adb42d11c86cb1080b79","ssdeep":"1536:dIhb73s72DQsjQlZKEMO2N6BLFYQPNT41FXgKkGCWUMZL:dibxkN4O2N6BLFYQWDXgKsWUM9","tlshash":"6d83f8883f81b65812a2f133723f999ae1da5e451888d054d303a8dcbf7d71ce93af65","size":85066,"data":"","first_seen":"2025-11-06T18:31:50.797152Z","last_seen":"2025-11-06T18:31:50.797152Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4387919488226720a8e2e23d157e0a08","sha1":"a213a6bc1a03a33f126e313c04237ff586b3efb3","sha256":"f849ce9eeca615e2bc1c099ccd84487317461d408140d497a71b54d4400b6a68","sha512":"82243d2f4ac6210068a1a0d69b9fde2bc76a89d68218cba7aeccec76d021a7f8949c3dc2809a21963a4ab457bece66f7094391f22feb4d08cff44fb2ed576dc7","ssdeep":"","tlshash":"60c08c846f040d31b1a2388dab0a33c149c25323f82c8818510c68bef0b72330a80828","size":145,"data":"","first_seen":"2025-09-14T09:54:54.911283Z","last_seen":"2025-11-23T06:20:47.137545Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"7a989c8f12b6ced616b93d8e900bd9e5","sha1":"129cd93a0264185e99ac0f49fd94c778aefe6289","sha256":"707a33f47a517bd5839a0dd1e0c6bc15d4207333e41b5ca2bdbd2a9fea152256","sha512":"25ee2ee2589640df73c7884931f8b70793b2d943b05d4642ac0b7a17779f3108bf8e3b6384049a44c7c043cec47865d757f7377f19c943c6c48293b17d3f4461","ssdeep":"","tlshash":"4d31097260de04e1bdefb373415e36ec5e64b39154089ac1c84c8ec5693889b23a8ca9","size":1794,"data":"","first_seen":"2025-11-06T18:31:50.816163Z","last_seen":"2025-11-06T18:31:50.816163Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-04T06:28:25.781081Z","times_seen":10363,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flexibleno.com/cf79cd585778f644d39f030467538e4b/invoke.js","fqdn":"flexibleno.com","domain":"flexibleno.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba1cbebbbbda09a1cc9d10fd14cfd6b5","sha1":"751530bce2ec43c5e8eab53a28324f22cbd7c5ca","sha256":"96175b78d8fea90e37f4d0eaa4bba27b873333c95865d745a86cb2bfa6d87494","sha512":"eba589e30037de7fb56ee98716ae884397a2d696f4d0decf4c6e34f1571a763f2707261fe0dd03be39015a665c6aef1f11c3fd6fb31aa011088a2aef764b6457","ssdeep":"768:Z05/C6gfHBHuf0NIjEqeJMtQIHKmt2FycS2+S:Z0I6gfhHuf0NMEqeMQIHKVQFS","tlshash":"f723f7883fe0f66b07727437126fd11ffa6acc019888cc5cc946e5a92f68b19e536b45","size":46512,"data":"","first_seen":"2025-11-06T18:31:50.811247Z","last_seen":"2025-11-09T12:51:21.264803Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"2e995e3b32218babfc8643984f2acf3d","sha1":"a7435029e87328dedc772d6b6745969d96a448cf","sha256":"ed7351d92d7e039b0405539ab9e5ca448b9eef7338c5e7e42b844ccb0d7365c4","sha512":"a7216daa557ed9f428863ea595680c04f13e893423d7877fef0e1a25ccd7643a0314b6654dfe7f8bef4e549a5d19f4250732494afed2818abfc6b7c1f7261be1","ssdeep":"","tlshash":"42312ab201ce04dd7b8eb307863e38ec4f7073a9e014c8d0888c88c5aa6481aa7880f8","size":1530,"data":"","first_seen":"2025-11-06T18:31:50.816975Z","last_seen":"2025-11-06T18:31:50.816975Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0ac9a697a84f79cc226e8bde7395a88","sha1":"5d2cf03f9aa43ef5e908cd465b0b36f0a7698775","sha256":"014281300a349097554a425e9299bd8111a0316855d52c03e059ccfd769178d2","sha512":"7f04afecee5ac78e7cbea7654fd29e49a6fc76965d90561a78b84b5cf6ac87f203fbcb86a7decfe0fb2880f0dbb9b0c389b78db6afb59afcb54945d092beded4","ssdeep":"96:S/oz/sISocmkfOj4k/vcmkfOjNc1jDL0FCfMEDaH:Sgz/bhcdO8kncdOqvL0FCkCaH","tlshash":"bb911a715cd944b4789f722b467e359d1e20b31a6408dd85fc8cdec56f308a95a98cfc","size":4557,"data":"","first_seen":"2025-11-06T18:31:50.817795Z","last_seen":"2025-11-06T18:31:50.817795Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"usacommerx.top/details/angel-city-spa-ChIJ3R7","fqdn":"usacommerx.top","domain":"usacommerx.top","tld":"top"},"ip":{"addr":"104.21.73.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-06T18:31:17.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usacommerx.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 22:11:29 GMT","end":"Thu, 11 Dec 2025 22:57:27 GMT"},"fingerprint":{"sha1":"36:FF:7A:55:DB:9B:8F:83:41:49:92:32:1F:84:C3:E1:D0:00:D7:DA","sha256":"F4:47:60:0A:39:5C:7A:CA:B7:4D:39:79:ED:48:34:51:CC:89:FA:F8:B4:48:A4:11:B6:F3:6B:5C:81:6A:1D:11"}}},"request":{"raw":"GET /details/angel-city-spa-ChIJ3R7 HTTP/1.1\r\nHost: usacommerx.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Thu, 06 Nov 2025 18:31:17 GMT\r\ncontent-length: 0\r\nlocation: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RYgCzNYreGDP1c2MUgdzK1K1pr1tDsdtDD6d8dlYL2FMRHQuuuZLml7FC5x5Agq9Ou4QBCMNfiwSdbo8ISYfkfPC0Ek%2FdfpX2Zpdk3i9\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 99a6aabfae064c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3844,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":709,"timings":{"blocked":352,"dns":333,"connect":1,"send":0,"wait":4,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"usacommerx.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/details/angel-city-spa-ChIJ3R7","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-06T18:31:17.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /details/angel-city-spa-ChIJ3R7 HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 3844\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 06 Nov 2025 18:31:17 GMT\r\netag: W/\"f04-19935eacf48\"\r\nlast-modified: Wed, 10 Sep 2025 23:16:45 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 89ba5da9226685887431815a64be7567\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":3844,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"0e79080d288a01181c6759f7e0cfd5bb","sha1":"baf0c2312ca1b056a4b6d8a8d2b1c1391b5a7f1b","sha256":"d34a1c76654206e0d1f3a5f8f9dbe3a5fa83e07509ef33e7b06a1ce1d5ef437f","sha512":"b122b3140730eae2ad8779ee1cc4f730c4c51ba97dbef078519a09c4a2329c2e636f88fbed7b9270d2274ee13c9baf4c79708a182418e4530de5bb49cbb9eb65","ssdeep":"","tlshash":"b081125388a1cc3863204224ace2f854d666a34f87099c54bb9e80d91fd1fd5c6f33f5","first_seen":"2025-09-14T09:54:54.903409Z","last_seen":"2025-11-23T06:20:47.116476Z","times_seen":21,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":94,"dns":41,"connect":12,"send":0,"wait":184,"receive":1,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/assets/index-DQ8O1j8J.css","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /assets/index-DQ8O1j8J.css HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 110811\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Thu, 06 Nov 2025 18:31:18 GMT\r\netag: W/\"1b0db-19935eacf48\"\r\nlast-modified: Wed, 10 Sep 2025 23:16:45 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 9cd2ffb23c8b767679a6108db24c3624\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":110811,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"95cfc569f16ffc4de228dc50dd7f5128","sha1":"91ff80b065db135a6c35e02f8f37ffd869837bf0","sha256":"3fdd032b79ac7fbfc46302e559159050c7000c40a772b73896112c1cb2cb60b7","sha512":"1cb64c85ac53a12320571e7251765d30f445860c0e353e35f0542835dc326f61b906c26821095b67edb9e69b6181537276e60a97c8c29cb850db236b2ba43e94","ssdeep":"1536:ibofh+YQcSYh863UBuG+S378VQZkt5FFCH5k:qofh+YQcbBUBuG+S378VQZkt5FC5k","tlshash":"d5b3c72da664613f3c37b1e4c7ecb45db61ab1d0debe06a9ec9191106fe27f60c5a900","first_seen":"2025-09-14T09:54:54.896996Z","last_seen":"2025-12-17T02:13:53.948323Z","times_seen":24,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"replit.com/public/js/replit-dev-banner.js","fqdn":"replit.com","domain":"replit.com","tld":"com"},"ip":{"addr":"172.64.152.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"replit.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 20 Sep 2025 09:14:38 GMT","end":"Fri, 19 Dec 2025 10:14:29 GMT"},"fingerprint":{"sha1":"F3:9E:34:06:DC:F5:BF:80:83:0D:48:76:96:FA:EB:E1:74:CA:55:E4","sha256":"2E:8E:10:91:26:CD:F2:D7:32:89:5F:BF:C0:19:EC:E7:EA:40:74:90:1C:12:76:D9:D0:AB:A7:71:EC:64:11:F6"}}},"request":{"raw":"GET /public/js/replit-dev-banner.js HTTP/1.1\r\nHost: replit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:18 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncf-ray: 99a6aac30e8c56bd-OSL\r\nx-powered-by: Express\r\ncache-control: public, max-age=31536000\r\nlast-modified: Sat, 27 Sep 2025 22:05:50 GMT\r\netag: W/\"1211-1998d35fe30\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; preload\r\ncf-cache-status: HIT\r\nage: 1161321\r\nset-cookie: __cf_bm=0IZi_SRDRDpzwMc.y0NH9O2sSX8njSh_mwXJ4QJ5be0-1762453878-1.0.1.1-ek7Qh0QmJidxFH7lP9iWSlConHtlsP5V3vcCeV9BXrgQ2aMiB2bB0GbpD3l37Bf8bbaSha6crgPJN2Scccnhxdw18HvqdRPDrA5e8IhYrlQ; path=/; expires=Thu, 06-Nov-25 19:01:18 GMT; domain=.replit.com; HttpOnly; Secure; SameSite=None\n_cfuvid=6.xejDgztekbVSz64S2ntEoCv9pqn5SZHOiKehFDyuM-1762453878267-0.0.1.1-604800000; path=/; domain=.replit.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4625,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"c875bf85285edf319e9e397815735aaf","sha1":"55f747a372d2489b55498e57607ce29c83f6658a","sha256":"942804fdb82941761ddd48d9eb3a40fecadbecdddfa8d7a677f384eaf0c2cb0b","sha512":"c2ebbd750e6e1ceeba2f1f6acee522bd04682d2512ee6606f6f9c62f021301b5b862a7d472d10149a2d4cdc83936ed90130a70f7157dc55df70d656cfb74ccf5","ssdeep":"96:TZ5Fz5FH59dJuv5GGO4jw2y+ZL5P7buUyDSoyqeUoW/cle:Nfb7dJW7w2yolP7buUyDSoN3/cle","tlshash":"3091856a6f731235952390ec5b8ba3412338b00be10acd597aad824cdfed614e9637cc","first_seen":"2025-06-09T21:55:51.282265Z","last_seen":"2025-12-18T21:30:20.542242Z","times_seen":755,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":38,"dns":22,"connect":1,"send":0,"wait":21,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.74.93.226","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:19 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://businessesusa.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; expires=Sun, 04 Nov 2035 18:31:19 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"e4c08bcc44965a3786e6e5243bc1cd6f","sha1":"c7829d39b8d117a63805d60b2c69df3856e34701","sha256":"bf9b08ec9c1049e810030379a060100c7fc1dc9f559154ea2ce21f3419fe26ba","sha512":"cc25c614d7419c6aa52608b339693f76c384d202405ec34f7469e379851388555b46119c11481eef965211f91355b82a25bd1294fc90825742f499f5c902dd95","ssdeep":"","tlshash":"bf9004c733c4471055d50450750c45d45c50d1751037c5443513c07074014c7571c575","first_seen":"2025-11-06T18:31:50.79574Z","last_seen":"2025-11-06T18:31:50.79574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":117,"dns":36,"connect":21,"send":0,"wait":23,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:22.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:57 GMT","end":"Mon, 05 Jan 2026 08:38:56 GMT"},"fingerprint":{"sha1":"50:87:4B:4E:FB:30:AB:11:12:23:8E:8F:6B:DB:F7:6D:9A:37:CE:D9","sha256":"E1:35:48:CB:CA:92:00:73:EB:EA:EF:E9:B3:8E:D0:29:54:33:B5:C7:4E:73:DF:B7:7C:F8:B6:07:E7:AD:8C:24"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 03 Nov 2025 23:17:37 GMT\r\nexpires: Tue, 03 Nov 2026 23:17:37 GMT\r\ncache-control: public, max-age=31536000\r\nage: 242025\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T06:43:15.240415Z","times_seen":713931,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":106,"dns":1,"connect":28,"send":0,"wait":29,"receive":35,"ssl":75},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:22.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:57 GMT","end":"Mon, 05 Jan 2026 08:38:56 GMT"},"fingerprint":{"sha1":"50:87:4B:4E:FB:30:AB:11:12:23:8E:8F:6B:DB:F7:6D:9A:37:CE:D9","sha256":"E1:35:48:CB:CA:92:00:73:EB:EA:EF:E9:B3:8E:D0:29:54:33:B5:C7:4E:73:DF:B7:7C:F8:B6:07:E7:AD:8C:24"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 03 Nov 2025 23:17:37 GMT\r\nexpires: Tue, 03 Nov 2026 23:17:37 GMT\r\ncache-control: public, max-age=31536000\r\nage: 242025\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T06:43:15.240415Z","times_seen":713931,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":114,"dns":1,"connect":27,"send":0,"wait":53,"receive":19,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/11/a5/76/11a5763e8ad61a51c9f2d702688af48b.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /11/a5/76/11a5763e8ad61a51c9f2d702688af48b.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 32910\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7a0afa7717bc3702d9b003084c5edade\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":85066,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1e2213ef7a0a00c2600382a7ac46b372","sha1":"5bd4accf8f4439bad5aed380ddb0112c9d86cbcd","sha256":"e72a3d5320f14169d0757ebcfd5e715f8e4a2f5a8c084b136c90ae80303e9a55","sha512":"cab1e5ff0a49b01fe0acda320d33b8de0fa7fbd56285a05953afc3cf09ae747e7bb5a8318bf1e3e181b71836cf6c3d57199a7618d668adb42d11c86cb1080b79","ssdeep":"1536:dIhb73s72DQsjQlZKEMO2N6BLFYQPNT41FXgKkGCWUMZL:dibxkN4O2N6BLFYQWDXgKsWUM9","tlshash":"6d83f8883f81b65812a2f133723f999ae1da5e451888d054d303a8dcbf7d71ce93af65","first_seen":"2025-11-06T18:31:50.797152Z","last_seen":"2025-11-06T18:31:50.797152Z","times_seen":1,"resource_available":true,"data":null}},"time_used":803,"timings":{"blocked":304,"dns":13,"connect":95,"send":0,"wait":101,"receive":94,"ssl":194},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"686271bd-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1mr38tNroDmVmfYGGf5kbihewrDgEOXmY2TXxHR9oFmZY9oCrLwqYE3R1DTn1vAUpjXRNfalUJYG%2BR4ZQuE%2Bd7L58KCAEEVSrGsmZkr2\"}]}\r\ncf-ray: 99a6aad4fdffb4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-04T06:28:25.771249Z","times_seen":5433,"resource_available":false,"data":null}},"time_used":603,"timings":{"blocked":47,"dns":20,"connect":1,"send":0,"wait":508,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"686271ba-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 602766\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TS8bPgv2EnObyrMaSFfnaimke%2FRAUp3x%2B8A8whnSqaAVjeBHU69tZLzMnZ5qw37Qas7pxNUQ7CUJbeTDMMIIHPC9PeTfQrXUkmRaKJC1\"}]}\r\ncf-ray: 99a6aad56ea8b4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-03T22:54:57.966528Z","times_seen":3125,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jTcGjbou5a0xRC7v7FiTvm3b5ce1DAlzz7UAEiAoye11ThHOuZbU6tgg99nz7IXh1MsgsrPKcD6dMiEH8eQVEn6JJ%2BnbL0parrvY%2BT6C\"}]}\r\nage: 1338122\r\ncf-cache-status: HIT\r\netag: W/\"686271bc-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 99a6aad56ebab4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-04T06:28:25.781081Z","times_seen":10363,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/api/cities/popular","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /api/cities/popular HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 1501\r\ncontent-type: application/json; charset=utf-8\r\ndate: Thu, 06 Nov 2025 18:31:18 GMT\r\netag: W/\"5dd-t2AuJ1nBf8QPq7HPFDSnDopVK8U\"\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: b3fff3b6d975c2a379a6108db24c3832\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1501,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f260decc44fa4bd6720d369806456849","sha1":"b7602e2759c17fc40fabb1cf1434a70e8a552bc5","sha256":"d80fb7bf95517dd5030b7485462a0b59d0ce899c83576adb27b8837d7a44c653","sha512":"6bca4443cb5afdaf320dac5c81e56d5627a096131d1c88c8baa5a46047f365f688522597e5050c411ad99c489f47b1bf4a09dcef1b463a9d619e82a1ea08efe1","ssdeep":"","tlshash":"783147f951756c3fffa24a8ab54e237c6c85c30fb7cd0a988ecd1b2d02402da550e965","first_seen":"2025-09-14T09:54:54.905186Z","last_seen":"2025-12-17T02:13:53.952575Z","times_seen":22,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/api/businesses/slug/angel-city-spa-ChIJ3R7","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /api/businesses/slug/angel-city-spa-ChIJ3R7 HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 1641\r\ncontent-type: application/json; charset=utf-8\r\ndate: Thu, 06 Nov 2025 18:31:18 GMT\r\netag: W/\"669-MNRE1tBqb7S0arCXMWA5PsJtrWU\"\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 498788010a66012379a6108db24c37ff\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1641,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"18dd41e0ce3a318657292a98f97a48c7","sha1":"30d444d6d06a6fb4b46ab0973160393ec26dad65","sha256":"a81e4c85d7a44b0b0739c32a0fd210c9d76330f1d1118ddba704ca99ecdb7a41","sha512":"ef53347215e1c39ee72dfdcc94c0889ce0ee30c649b50859c9a468d49fa5d176a839f20bc3f2f8e7f4fbb35cbb4b41b7831d51ac0acb03e1f9e6100637e014b9","ssdeep":"","tlshash":"0b31567b08309a766736439c3889776a8fe156250b404520ddbe286e41dbbc66239d45","first_seen":"2025-11-06T18:31:50.800603Z","last_seen":"2025-11-06T18:31:50.800603Z","times_seen":1,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lh3.googleusercontent.com/p/AF1QipMaOrj3_6_kvAy5qpFnd_GbjZq6PzlxGWOyUg6h=w800-h500-k-no","fqdn":"lh3.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"142.250.74.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:45 GMT","end":"Mon, 05 Jan 2026 08:38:44 GMT"},"fingerprint":{"sha1":"BF:DD:06:00:E0:E8:17:69:DC:2B:A1:04:6E:7D:D2:CC:F2:F1:3C:65","sha256":"39:66:3E:DC:C6:9D:D6:FD:9E:62:46:8B:14:F9:F2:FD:70:E8:B1:C0:2B:C6:45:C3:3A:86:DE:D3:E3:30:1E:DE"}}},"request":{"raw":"GET /p/AF1QipMaOrj3_6_kvAy5qpFnd_GbjZq6PzlxGWOyUg6h=w800-h500-k-no HTTP/1.1\r\nHost: lh3.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\nvary: Origin\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\naccess-control-expose-headers: Content-Length\r\netag: \"v37\"\r\nexpires: Fri, 07 Nov 2025 18:31:19 GMT\r\ncache-control: public, max-age=86400, no-transform\r\ncontent-disposition: inline;filename=\"2023-05-25.jpg\"\r\nx-content-type-options: nosniff\r\ndate: Thu, 06 Nov 2025 18:31:19 GMT\r\nserver: fife\r\ncontent-length: 62109\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62109,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 500x500, components 3","md5":"27c94bcd17056df24bb3a51362b9d48f","sha1":"d0161ccb41f5885f61038b0b06e4eaac9b2dbcee","sha256":"d44ba1fc2f9f18a194afae432faaf5f76001b5bbd2c44e203828b2c0e3b359bc","sha512":"d058314e4002e08459985d62b43018842695a3ab942dec38dc12aa16ab6168e9b056d59dc5279049d8729a458d8d76f87965ed4ef6dc9b267137d7831f651a08","ssdeep":"1536:c1tAGTL0YqbREgzNhxuWH8KD/qnSWIwTPM5ojH4QWUI:Gem0dbSgzLxuWH//qnzIWEmlI","tlshash":"3253f1f66e293881abd93db76378cf7b0829fc6e190d1f2723e451da95a52c0f649c40","first_seen":"2025-11-06T18:31:50.801536Z","last_seen":"2025-11-06T18:31:50.801536Z","times_seen":1,"resource_available":false,"data":null}},"time_used":593,"timings":{"blocked":87,"dns":32,"connect":21,"send":0,"wait":350,"receive":36,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 313931f8cc8b9799188dc7ce432d485f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":63,"dns":1,"connect":17,"send":0,"wait":23,"receive":18,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/notifications/utility/default/robot/3/index.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 15:30:46 GMT","end":"Tue, 06 Jan 2026 16:29:13 GMT"},"fingerprint":{"sha1":"CE:BB:4F:68:2C:89:90:90:9F:0D:E4:DC:37:55:B5:DC:41:49:D6:F9","sha256":"52:3F:5E:43:C5:77:DF:EF:E5:AE:11:CA:C1:74:9E:6B:A8:63:B6:7A:C9:7F:8F:58:EF:05:C6:35:2F:C7:D2:9B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FN8w%2BthFjLL0ZICZ8jRNB%2B4eY77oPs8eW%2FqW3sCybN%2Fh8i9z6pCyGUlRyMuobwmDnhUzUkswxpWrbQA0IIghKvmcjpdfloAoYEw7vZ8%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 99a6aad3bc8a0b02-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2218,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"02f5dbb1330ff16517996ff3f06f9bac","sha1":"6c27e56a5d0173e4f518969906f71c1e37830a59","sha256":"ef0af1d5eb0bb2361e8ff64de642fb17e25a37cff8b0f5220eff0a1cb95c03ed","sha512":"d7e14d0083aee5f18d849e8a4db6a926b3bba035164431fdf81008d50174e40116384deb8dd429229aa2ba90a88f9d6958bd5ced41660fc48376014b97dcb0f2","ssdeep":"","tlshash":"b941365a29fcd57315c390973b312f6b6d86d68b9a0b9540b3ec4e848fd6e81ce0320b","first_seen":"2025-07-04T18:28:09.293573Z","last_seen":"2026-03-14T22:16:28.976564Z","times_seen":1415,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":56,"dns":34,"connect":1,"send":0,"wait":121,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"cdn.show-sb.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Findex.html\u0026l=2218\u0026fd=187","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Findex.html\u0026l=2218\u0026fd=187 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:21 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/img/cap.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/img/cap.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 9969\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"686271bb-26f1\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1339728\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zQC7gdTseC6uiGO5aHnswZsYkWFFYFnPFEAoFHWss4VvolbK2qOjQ4RRHfdy3vbniczGDWhwrKIV618yd5BQzvYAmymRqE7bNRqkzAV8\"}]}\r\ncf-ray: 99a6aad56eb6b4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 413 x 104, 8-bit/color RGB, non-interlaced","md5":"cd399821f365e9b2e08a8db38a7bf686","sha1":"94a95b55d5c755df8c30f7b2a80022ad014ab2b5","sha256":"f6fe4493007eb93efc7760942585342f506295cff8ca86432bde23fe256ccdb3","sha512":"72f641b5095cb7aafce82ccd88d740d9761e8bcaac1ad845ff01ceda61c469afe7e42c0ef76b49d73d4b51c21bf2dfc85073a1d49ce0fe19f77af907d05d18d9","ssdeep":"192:wS5knGCCJeNHLR+444aBNWkUzhkeJrkyuisuDP8GQxJF:XinGC1dR+441SJrkyPNEJF","tlshash":"7a22cfd2ec402ef47a4cbcdedbd80c667a8332c4e1537867ecde7c5ac80a03a8952945","first_seen":"2025-07-04T18:28:09.289965Z","last_seen":"2026-03-15T18:29:56.084803Z","times_seen":1496,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KNs7lxrsdBh6NTg%2FkvkxRIIMkJ3A8TeFGz2YhnZM7%2FfTIfKe3flERSrRJOhXIE1fSIR9lclxLRd0keHtiE8N%2F0HK3IneH8LOz2MdNgLQ\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"686271bc-371c\"\r\ncontent-encoding: br\r\ncf-ray: 99a6aad65f96b4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14108,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"9ab6f30bb69bd5ed2b95ec080d6df17d","sha1":"14f144dc6c53d712be564b1eef94f53c0a6dc7fa","sha256":"81d9c53b2dbbf34093776268451edaf2081a00fe9ad13002cc2bbf687149a836","sha512":"eb4911a8994c33422a72dac9fff6f8b2b52d185f6056190cf9300f40c5f801b4b5fc60432f44812baa9a54f27f9841f1e647b7bd5e459f722b5e5a94c04dcb66","ssdeep":"192:SFFLlcrcYmJBJsVan1oJJpvOHMk0Tw3f5czhGEhN70oz0EhnA3YED8iDehT6S:SFFLVLsVanyYH4TARCN7DRW3YEP0","tlshash":"cc52610818bddd64c948a12e307e6666f72809539c76bbd4bf8a4104afce82f797513f","first_seen":"2025-07-04T18:28:09.265117Z","last_seen":"2026-03-14T22:11:04.284893Z","times_seen":1369,"resource_available":false,"data":null}},"time_used":593,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2751ad2661f07a75960835fd53d8320d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":59,"dns":1,"connect":17,"send":0,"wait":17,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e03c1293174498e50e429e8c25687378\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":58,"dns":1,"connect":19,"send":0,"wait":20,"receive":18,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1RTPWwcRRSedSwKQEKEiAqkKyiCwOfdu931LSkMJiSKCLFxglJQRLM7s_bgvZllZvf24ioiAqVBOip-RLH33dkWECFSUiCiMwWSJaQsReQipkiFaJBAaY32bCniSfPeG31f8b5v3nwyzA9IGzndX3lHbYokofNe026cviokU4VpXLrScOymfaZxVUjfPdPo10n3XnPabtN-uXGeRxtqvmU7tu3YTuOc0DxW_fkpCpHeDpxmYDfdVtPxXPT1_-8mn4GhFljvgJyEYNUzD-P3IaIJZPeHs9xsZCp99a1untBMafTYzntyQ6pCovu4jbWFWO4cs6FMRcgXM1By51gBVG9cK0AoKjLz_AOEcud4TIS9raNJwwRcImRPoehNwJMJBJ0gUjch2D0CRAyXliG725eULuj1I5TWaEVmH_0DUVRk9sEpyO73S4noNy6rJM-Ekgb9uIToTyDWJkjzXWSbFkSxiyj7CIL9RuYfXYTsjpdNoiDY_kuxG4cxd_y5mLqtOZdzZ67jB525mMVhx3e9IPTY1CIRT0CNhbw-wkIeW8hTC12233Dtjhs5tO3HAYsWbJe6LuOhHXRatk2DaAF5VM8-QJYOECUDRPrjnZStZxs9b5zpnG_lMjLe0LmdX0uT1oLn-H7LGTrbR5wpZVxThg5SfQMbYgCd34VZL2HYDExWEevdG-ixEgUnKAxBQQkKQVBkBEWv3GKJaZlymyUmD53j2jqu7XKksrUh3VLZGpcEVA-gWTkW6YfmJqLsxGgzNmyk6kTDrBzRkJXD9IA8W7-Itf3XKjb4fsNxqLfgt3mHMt-hnhMFcYst2C2_06Gx2wlhRAlhZqY-boqKrAzOIxUVmb0_Rkh3YZJdROIEaP4iaFGCrpfYlHfC3AjJjeEmN7QZqS6YKpFms8iuW8PkgDw3Wr2ydHe6HddeuAce7b3-xEn5-afLfyDSJVJd4gPxC8Facmu0qgoyXlWFIXeW00x0xSatN-dyRjM---3b_HqhNLtw1gy-eSOqgbq9fYWb7CKVTMg1Q75bEoxxfU7piJOfLpirPFzJzfpSrmWeXlx589yFbqq5MULJCaioyJNfv4JIVOTU6cXpr_D-fYgovQGT7i3--GUdX8EogjC1kIiKtE_9ioTvLW417xeHh4egYQnDH2sK-d7Pf5NpDM0trGkLNLsJ2S3R0yV6SQmaDGDyE6Ms1XuLv7engTCxRmGirXGY6OSzI6-M2G94rbDtdzo-j30Wt1m71WaBZ_PApYHvBq6HzFTi6T_7_wUAAP__tErIAbwEAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTPWwcRRSedSwKQEKEiAqkKyiCwOfdu931LSkMJiSKCLFxglJQRLM7s_bgvZllZvf24ioiAqVBOip-RLH33dkWECFSUiCiMwWSJaQsReQipkiFaJBAaY32bCniSfPeG31f8b5v3nwyzA9IGzndX3lHbYokofNe026cviokU4VpXLrScOymfaZxVUjfPdPo10n3XnPabtN-uXGeRxtqvmU7tu3YTuOc0DxW_fkpCpHeDpxmYDfdVtPxXPT1_-8mn4GhFljvgJyEYNUzD-P3IaIJZPeHs9xsZCp99a1untBMafTYzntyQ6pCovu4jbWFWO4cs6FMRcgXM1By51gBVG9cK0AoKjLz_AOEcud4TIS9raNJwwRcImRPoehNwJMJBJ0gUjch2D0CRAyXliG725eULuj1I5TWaEVmH_0DUVRk9sEpyO73S4noNy6rJM-Ekgb9uIToTyDWJkjzXWSbFkSxiyj7CIL9RuYfXYTsjpdNoiDY_kuxG4cxd_y5mLqtOZdzZ67jB525mMVhx3e9IPTY1CIRT0CNhbw-wkIeW8hTC12233Dtjhs5tO3HAYsWbJe6LuOhHXRatk2DaAF5VM8-QJYOECUDRPrjnZStZxs9b5zpnG_lMjLe0LmdX0uT1oLn-H7LGTrbR5wpZVxThg5SfQMbYgCd34VZL2HYDExWEevdG-ixEgUnKAxBQQkKQVBkBEWv3GKJaZlymyUmD53j2jqu7XKksrUh3VLZGpcEVA-gWTkW6YfmJqLsxGgzNmyk6kTDrBzRkJXD9IA8W7-Itf3XKjb4fsNxqLfgt3mHMt-hnhMFcYst2C2_06Gx2wlhRAlhZqY-boqKrAzOIxUVmb0_Rkh3YZJdROIEaP4iaFGCrpfYlHfC3AjJjeEmN7QZqS6YKpFms8iuW8PkgDw3Wr2ydHe6HddeuAce7b3-xEn5-afLfyDSJVJd4gPxC8Facmu0qgoyXlWFIXeW00x0xSatN-dyRjM---3b_HqhNLtw1gy-eSOqgbq9fYWb7CKVTMg1Q75bEoxxfU7piJOfLpirPFzJzfpSrmWeXlx589yFbqq5MULJCaioyJNfv4JIVOTU6cXpr_D-fYgovQGT7i3--GUdX8EogjC1kIiKtE_9ioTvLW417xeHh4egYQnDH2sK-d7Pf5NpDM0trGkLNLsJ2S3R0yV6SQmaDGDyE6Ms1XuLv7engTCxRmGirXGY6OSzI6-M2G94rbDtdzo-j30Wt1m71WaBZ_PApYHvBq6HzFTi6T_7_wUAAP__tErIAbwEAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f13ea8d62de49401c15f9066bc4bbefc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 08:38:58 GMT","end":"Mon, 05 Jan 2026 08:38:57 GMT"},"fingerprint":{"sha1":"1E:BD:59:57:1D:85:DE:FA:02:4F:D0:E3:99:CD:8C:9B:62:9E:2A:D4","sha256":"E6:2C:01:FB:2E:B9:ED:F7:DF:AE:35:78:93:C6:BD:6B:FE:43:09:67:54:88:15:D5:34:D6:13:53:F1:93:4A:45"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 06 Nov 2025 18:31:21 GMT\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"a90fc2bf15e304ef3fa4e7f75b6a8608","sha1":"0f8c2853b49a7c206d75af99117482d80a60f869","sha256":"6e10be4b6befecf6f3d1ae34b727939e6da334a1f2d815fd325ba9c455520772","sha512":"0d1a14e11c436dadf51cc489592867eaff3cae2c4a95748d2a25614c984560ad3588fb95e2aaafd4060d4954594951d09e71ab36e9859fb8590198811f156fc4","ssdeep":"384:pwf5wgwPwrwyUw/qY4+w4wYwpwfMw1wWw6wyhw/qY4XwNwtw4wfdwkwDw3wyQw/P:pc70afUQRptmJKBLfhQE8YTYHw+fQQVl","tlshash":"b472ed91041700009b835ce223cebf35fe5f92117141d0b9abfd9b6badcbc6652693ad","first_seen":"2025-09-08T23:24:40.129975Z","last_seen":"2025-11-18T23:33:55.863403Z","times_seen":3582,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":142,"dns":0,"connect":28,"send":0,"wait":47,"receive":0,"ssl":112},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=10920\u0026fd=598","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=10920\u0026fd=598 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:21 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:22.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:22 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/api/statistics","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /api/statistics HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-length: 91\r\ncontent-type: application/json; charset=utf-8\r\ndate: Thu, 06 Nov 2025 18:31:19 GMT\r\netag: W/\"5b-ilD3RNT6xU3QTkRSki/OHCjZtJE\"\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: dc886d1d8b10211479a6108db24c3eb7\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]}],"data":{"size":91,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"631ab63948481b96c4b298efce69da52","sha1":"8a50f744d4fac54dd04e4452922fce1c28d9b491","sha256":"784bc14f9a64bfc68d973e994e239ba9098e801b2f96774d95b6a570afe959bf","sha512":"c46573bcdc113dd48e49eb0c5a543e78ec55d4a649941ec0b11a26d0c3d4300657237403e9091a777886bd610b36aaa1c40b9fd4ece3ebd61159959984714cdf","ssdeep":"","tlshash":"92b0120414382ef03b9983504c31fc079320030340018c6b3ec2c144475680871c5330","first_seen":"2025-09-14T09:54:54.89922Z","last_seen":"2025-12-17T02:13:53.950704Z","times_seen":22,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/favicon.ico","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 3844\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 06 Nov 2025 18:31:19 GMT\r\netag: W/\"f04-19935eacf48\"\r\nlast-modified: Wed, 10 Sep 2025 23:16:45 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 9fc19ed434ddc9ff79a6108db24c3355\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":3844,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"0e79080d288a01181c6759f7e0cfd5bb","sha1":"baf0c2312ca1b056a4b6d8a8d2b1c1391b5a7f1b","sha256":"d34a1c76654206e0d1f3a5f8f9dbe3a5fa83e07509ef33e7b06a1ce1d5ef437f","sha512":"b122b3140730eae2ad8779ee1cc4f730c4c51ba97dbef078519a09c4a2329c2e636f88fbed7b9270d2274ee13c9baf4c79708a182418e4530de5bb49cbb9eb65","ssdeep":"","tlshash":"b081125388a1cc3863204224ace2f854d666a34f87099c54bb9e80d91fd1fd5c6f33f5","first_seen":"2025-09-14T09:54:54.903409Z","last_seen":"2025-11-23T06:20:47.116476Z","times_seen":21,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/2c/16/00/2c160054c49acd38e63584b7eef26cf0.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /2c/16/00/2c160054c49acd38e63584b7eef26cf0.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 39850\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 037d918fcfa79fe1761e0c0fddc032d7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":112078,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fa7aedc30e692a7bc1e2dfad860e3844","sha1":"2ec8d6aa851dd61638d0b2c73304c67474d9fdd5","sha256":"4066d7df620a85498e96a46832c6281194d42d6391cfd9d3690121967f7e3cb0","sha512":"7196898042f7e92b4ddd9ef63f7d1020c246db54cc544fe103152eeaa16d78c6dd09d33e964bcb5ded2bcfb945c881173c0db51e0325a6f185cf496c70e32633","ssdeep":"1536:l7+8KD2HAUk06W7qx61GpQU8/M5XTSvFu081y736V8xefnFARscKv6RQc27YhOhs:d+HLT5Iab8xe9ARzXRR2khT","tlshash":"44b3b38dbf92f16d11675072223f9426f02e8d56658dc554e222f8bc2fa831be939f34","first_seen":"2025-11-06T18:31:50.8059Z","last_seen":"2025-11-09T12:51:21.262747Z","times_seen":2,"resource_available":true,"data":null}},"time_used":849,"timings":{"blocked":307,"dns":15,"connect":96,"send":0,"wait":99,"receive":134,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.311579502583.js?dev=e\u0026key=cf79cd585778f644d39f030467538e4b\u0026kw=%5B%22angel%22%2C%22city%22%2C%22spa%22%2C%22-%22%2C%22massage%22%2C%22in%22%2C%22east%22%2C%22hartford%22%5D\u0026pst=1762453939\u0026rb=\u0026refer=https%3A%2F%2Fbusinessesusa.com%2Fdetails%2Fangel-city-spa-ChIJ3R7\u0026res=14.3095\u0026rmtc=t\u0026shu=8ab2f34c1d48280053567dc2a7f2daff4b183eb4148be28b574383bbe88e0cf5630afcaf3a6deb51184cd90e347e00fb8ba93fe9868347b36baff096a9977fdb172e039730f93fa4270d7c662586f13df3ebbf9f0216d97ea6c131\u0026tz=0\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.311579502583.js?dev=e\u0026key=cf79cd585778f644d39f030467538e4b\u0026kw=%5B%22angel%22%2C%22city%22%2C%22spa%22%2C%22-%22%2C%22massage%22%2C%22in%22%2C%22east%22%2C%22hartford%22%5D\u0026pst=1762453939\u0026rb=\u0026refer=https%3A%2F%2Fbusinessesusa.com%2Fdetails%2Fangel-city-spa-ChIJ3R7\u0026res=14.3095\u0026rmtc=t\u0026shu=8ab2f34c1d48280053567dc2a7f2daff4b183eb4148be28b574383bbe88e0cf5630afcaf3a6deb51184cd90e347e00fb8ba93fe9868347b36baff096a9977fdb172e039730f93fa4270d7c662586f13df3ebbf9f0216d97ea6c131\u0026tz=0\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nReferer: https://businessesusa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: text/html\r\nContent-Length: 2246\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://businessesusa.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; expires=Thu, 13 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nu_pl27516621=1; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 22\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 546dbaea7b334516d50f7e9c110bf435\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4590,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3714)","md5":"72eee07f4bf82d81f7384090a5201441","sha1":"f72156452ed7ba4b0597de041051ab96929da535","sha256":"923b2445d7253e2825c35ed8e0a04f2bee860d746d20bdc35ea9d01d9e97288a","sha512":"fefffd5e37c51e457a68e2946a32adf96f284ed6fdefebc4ce4e109ff392ff05395bb450ed68b9d7a0ac2d36f977bca242052b7537a6ab3627d342050c608211","ssdeep":"96:l/oz/sISocmkfOj4k/vcmkfOjNc1ZDL0FCfMEDaH:lgz/bhcdO8kncdOqVL0FCkCaH","tlshash":"75911a715dd944b8789f722b467e359c1e20b3166008dd85fc8cdec66f308a55aa8cfc","first_seen":"2025-11-06T18:31:50.806918Z","last_seen":"2025-11-06T18:31:50.806918Z","times_seen":1,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d0f0608eaa6253aa8b35355949f3f5df\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":722,"timings":{"blocked":313,"dns":28,"connect":92,"send":0,"wait":95,"receive":1,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTPYzcRBQeJwcFICEIot6CAhC3N_aM7TEpEEdIFBGSUxKUAlHM72U4r8d47PXmqohIKKJaJAookHxvLzkBESINHSjao4tAylLAFbmGihIhpUa-nHTwJL_3PX9TfO_NN59sNfuIQMP31t51mzbP-Uo8xIOXr9hCudYPzl8ehHiITw6u2CKhJweTPlXj10NCh_iVwRktN9xKhEOMQxwOTttKGzdZOWDBlneycJjhIY2GYUxhUv2_900AngegxvvoebBq8eyf5n2wcg7F6PtT2m_Urnzt7VGT89pVMFY77xUbhWsLGB1BUwVgip3D0-D8AqEvjoErdg4nADfe7icAYRfo2IsPQRQ7hzJBjG89Vipy0AUI9TS04znofBcsn4N0N8CqBwhAKjh_AYrR7fOuavm1xyzv2QVaevQP2HaBlh6-AMXou9XcTgaXXN7U1hUeJqYDO5mDXZ9D2exCvRmAbXdB1h-DVb-ilUfnoBhtX_C5A6v2XjLUCKPDZNlwGi1TrcNllmRs2SgjWELjTMTqYEXWzIH7AJr-swE0JoCmDGCk9gYUMypDThKTKZliyilVWuCMRRjzTKbQyF77FOpyCjKfgqyuQ1ldhw372QP_FVTNPfBX935gXESGUBkqyiKGcUziJFUy4qmJFDeGipARLWhImdARE3FKCSNCaMY0liZOCOZGckN4orSIw5BRqTKsCU01xkYwwTNidMYSRmgqSCK4MThLeJalqVEiTCONSZYSbDLSLyTFKpVJEsUsMSFRhmghTGZwFCYqSzVPZEhC8CoAXyMYqw5ajaD1CFqOoLUI2hpBO-5uqdxHvrutct-I8LBGh5V0M1evb_Fbrl7XBQJeTaFS3bYtP_I3QNbHZ5vGq5nrExd1N-NCdVvlPnquN0Qw2_8FNvTeQJo0kypmcZoyk1CqSGYwwTRJY8I0FeBtB9YfO7jGTbtAa9MzUNoFWvp9GwTfBZ_vgrTHgTdPAG9nBGPgV2dRjGGzuCsabwvtvfaN50PpRqBcB2W9BPW1YCvfRydmFy-v3juw6Ad_1KDlfXQYIKsOyqqDD-3PCNbzm7OLrkXbF13r0d0LZW1HdpP39r1U81o_-c07-lrrKnX2lJ9-_absiR7euax9fY4XyhbrHn27apXS1WlXSY1-POuvaLHW-KurTVU05bm1t06fHZWV9t66Yg7cLtBTf38K0i7QiZ--PHia8aufgyyvgy-PdHqHQJQIcosg10f_uejA_6cXR3jL34T1KgBe34Bi1MG46mCcd8DzKfjm-Kwuq_tv_EYOAkQezEReoW2RVz1v9waG6EhizNIkJMzokFAlTcxophKOCdFQ-4V95q_JvwEAAP__N0SFETgFAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTPYzcRBQeJwcFICEIot6CAhC3N_aM7TEpEEdIFBGSUxKUAlHM72U4r8d47PXmqohIKKJaJAookHxvLzkBESINHSjao4tAylLAFbmGihIhpUa-nHTwJL_3PX9TfO_NN59sNfuIQMP31t51mzbP-Uo8xIOXr9hCudYPzl8ehHiITw6u2CKhJweTPlXj10NCh_iVwRktN9xKhEOMQxwOTttKGzdZOWDBlneycJjhIY2GYUxhUv2_900AngegxvvoebBq8eyf5n2wcg7F6PtT2m_Urnzt7VGT89pVMFY77xUbhWsLGB1BUwVgip3D0-D8AqEvjoErdg4nADfe7icAYRfo2IsPQRQ7hzJBjG89Vipy0AUI9TS04znofBcsn4N0N8CqBwhAKjh_AYrR7fOuavm1xyzv2QVaevQP2HaBlh6-AMXou9XcTgaXXN7U1hUeJqYDO5mDXZ9D2exCvRmAbXdB1h-DVb-ilUfnoBhtX_C5A6v2XjLUCKPDZNlwGi1TrcNllmRs2SgjWELjTMTqYEXWzIH7AJr-swE0JoCmDGCk9gYUMypDThKTKZliyilVWuCMRRjzTKbQyF77FOpyCjKfgqyuQ1ldhw372QP_FVTNPfBX935gXESGUBkqyiKGcUziJFUy4qmJFDeGipARLWhImdARE3FKCSNCaMY0liZOCOZGckN4orSIw5BRqTKsCU01xkYwwTNidMYSRmgqSCK4MThLeJalqVEiTCONSZYSbDLSLyTFKpVJEsUsMSFRhmghTGZwFCYqSzVPZEhC8CoAXyMYqw5ajaD1CFqOoLUI2hpBO-5uqdxHvrutct-I8LBGh5V0M1evb_Fbrl7XBQJeTaFS3bYtP_I3QNbHZ5vGq5nrExd1N-NCdVvlPnquN0Qw2_8FNvTeQJo0kypmcZoyk1CqSGYwwTRJY8I0FeBtB9YfO7jGTbtAa9MzUNoFWvp9GwTfBZ_vgrTHgTdPAG9nBGPgV2dRjGGzuCsabwvtvfaN50PpRqBcB2W9BPW1YCvfRydmFy-v3juw6Ad_1KDlfXQYIKsOyqqDD-3PCNbzm7OLrkXbF13r0d0LZW1HdpP39r1U81o_-c07-lrrKnX2lJ9-_absiR7euax9fY4XyhbrHn27apXS1WlXSY1-POuvaLHW-KurTVU05bm1t06fHZWV9t66Yg7cLtBTf38K0i7QiZ--PHia8aufgyyvgy-PdHqHQJQIcosg10f_uejA_6cXR3jL34T1KgBe34Bi1MG46mCcd8DzKfjm-Kwuq_tv_EYOAkQezEReoW2RVz1v9waG6EhizNIkJMzokFAlTcxophKOCdFQ-4V95q_JvwEAAP__N0SFETgFAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl27516621=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a6ca23d12f0fc120c8c72b70ac029e28\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=11a5763e8ad61a51c9f2d702688af48b\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /sbar.json?key=11a5763e8ad61a51c9f2d702688af48b\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl27516621=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4751\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://businessesusa.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; expires=Thu, 13 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nu_pl27716434=1; expires=Fri, 07 Nov 2025 18:31:20 GMT; path=/; secure; SameSite=None\nslec11a5763e8ad61a51c9f2d702688af48b=[6233297]; expires=Thu, 06 Nov 2025 18:31:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 218\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: af8ecd1e87022c60f8781f44ec10b84f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6121,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"2b758c53ce5d6acba6d30b49c4c8010b","sha1":"ebc615e889f9623f02c905084fa7bffc08c34eb3","sha256":"bf817cdf0ef1136561d467a3be5c1676ac9371a64b6bb4fd26f1042b54cae1fa","sha512":"6f86aba6e44a228450279a6ea6a19f7173bf2824e8f039d5d52d9f1c848dc96674813e0ef2a3000133b92d639bb0fc78367de2c2ad857638ab0d07d28f17ef10","ssdeep":"96:9zTBXKnrlfBYSu7VpZgg25xLrq0cfrHhv/X2RMbmVSMmKyNugphJKq:9zdXKnJ5YSu76x5FqNfhP2RA3KDgpT5","tlshash":"f7c17cbe55c975a4c98e5a0225048ff82f178e82b922f848f1ad717c727e9017b2ccb0","first_seen":"2025-11-06T18:31:50.808334Z","last_seen":"2025-11-06T18:31:50.808334Z","times_seen":1,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":319,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:33:47 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"6862761b-1b60\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=84%2BymAzT0bEJaHyCK7VNdnOTcllIsS3WDQPVvQvXeujbXPMk0WOY8CT%2FKGWDQY1zJtNNS04pfnaby%2FwHoJtivkJBYkJndCQOSYXY45lP\"}]}\r\ncf-ray: 99a6aad4fe07b4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7008,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"fb36710663e1b1cea266cd22469df0a5","sha1":"c26947d20f845e479a729880b019b94387a7572c","sha256":"489b7a8da57bff7e1700ef24006bbb60451f933c6c12b4808b251db88355fdf2","sha512":"49de21e634ae6383567bedd988764c685f2c0dfb09b2489b453fc06c1849804d3717b2aff972c54f285573435d0334d37e0c728cdb122b8c6aabf964036be701","ssdeep":"192:fMFIn7CSiyXnMsWM0kFRxX4zb32l0QofZ:fM9TyXnMrcF7E32l0RZ","tlshash":"c6e1109617a80204b50bd86739126f5767688043ef0fdab86ed1205c9eca6ce56f378f","first_seen":"2025-07-04T18:28:09.299693Z","last_seen":"2026-03-15T18:29:56.068984Z","times_seen":1459,"resource_available":false,"data":null}},"time_used":591,"timings":{"blocked":47,"dns":20,"connect":1,"send":0,"wait":495,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 7005\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"686271bb-1b5d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1169938\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2Hu0UJXL%2BMK5sCNDertBLmqIK8m8YRPfwLjkjn0vPvkDJiAxUJsTbyX4NtLH8BE1ZpECLcsRrxDPdUPMEXwTIZ8H6uKhxToAnl5BT5rk\"}]}\r\ncf-ray: 99a6aad55e95b4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7005,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"5127599f81c439cb0cf21166da26e991","sha1":"a750620e45c25855fb32ede5f1adb69ad28c1eeb","sha256":"9402058e0a31e79cd70001ebb397de51144d6e638a482f33bcee9a94dc20a6ff","sha512":"4e01869e43212009dc3811b4fc2303c39ab9aa123ce034ff4df220539a1e65784835b6cb0873cea4f6de027a7dcf1dd440ac0631e6b9c9db9085804473e3a0a8","ssdeep":"192:FkknNHG5WNN4kVyitdix/Inm2I6BRvBevoIPkucZ:9nNmoN4kVyiswm2I6BFBpuI","tlshash":"dee17d19dda17e1005d57f8a2fef815243638390c2856282dced8c5237e40f1ec6e4cb","first_seen":"2025-07-04T18:28:09.283921Z","last_seen":"2026-03-23T06:05:48.044552Z","times_seen":3194,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTPWwcRRSedSwKQEKEiAqkKyiCwOfdu73zHikMJiSKCLFxglJQRLMzs_bgvZllZvf24ioiAqVBOip-RLH33dkWECFSUiCiMwWSJaQsReQipkiFaJBAaY32bCniSfve2_dN8X3fvPlkmB2QJjK6v_KO3pRxTOdbdbd2-qpUXOe2dulKzXPr7pnaVana_plav0qm95rX9Ovuy7Xzgm3o-Ybrua7nerVz0ohI9-enKGRyu-PVO27db9S9lo---f-_zWZgqQPeOyAnIXn5zMPofUg2ger-cFbYjVQnr77VzWKaaoMe33lPbSidK3Qft5FxEKmd49PQtiTkixlotXOsALo3rhQglCWZef4BQrVzTBNhb-uIaRhDKIT8KeS9CUQ8gaQTMH0Tkt8jAOO4tAzV3b6kTU6vH6G0Qksy--gfyLwksw9OQXW_X4plv3ZZx1kqtbLoRwVkfwK5NkGS7SLddCDzXbD0I0j-G5l_dBGqO162sYbk-y9FfhRGwmvPRdRvzPlCeHNBuxPMRTwKg7bf6oQtPrVIRhNQ6yCrPukgixxkiYMu36_5buAzjzbbUYezBdenvs9F6HaChuvSDltAxiruA6TJACwegJmPtxO-nm70xqnJxDhTzA69naNRazrbqmatoXc7u5bEjYWW1243vKGHxNzAhhzAZHdh1wtYPgOblsR59wZ6vEAuCHJLkFOCXBLkKUHeK7Z4bBu22OaxzULvuDaOa7MY6XRtSLd0uiYUATUDGF6MZfKhvQmWnhhtRpaPdJVomBYjGvJimByQZ6sbcbb_WsWG2K95Hm0ttJsioLzt0ZbHOlGDL7iNdhDQyA9CWFlA2pmpj5uyJCuD80hkSWbvjxHSXdh4F0yeAM1eBM0L0PUCm-pOmFmphLXCZpbWme6C6wJJOov0ujOMD8hzo9UrS3en23HthXsQbO_1J06qzz9d_gPMFEhMgQ_kLwRr8a3Rqs7JeFXnltxZTlLZlZu02pzLKU3F7Ldvi-u5NvzCWTv45g1WAVV7-4qw6UWquFRrlny3JDkX5pw2TJCfLtirIlzJ7PpSZlSWXFx589yFbmKEtVKrCagsyZNfvwImS3Lq9OL0VbT-fQiW3IBN9hZ__LKKr2A1QZg4iGVJmqd-RSz2Frfq9_PDw0PQsIAVjzWFYu_nv8k0hvYW1owDmt6E6hbomQK9uACNB7DZiVGamL3F35vTQBg7ozA2zjiMTfzZkVdW7teipmgw1w0W2l4ziITX9DmLWoHf4W3qNpsCqS3l03_2_wsAAP__OcX3xbwEAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:22.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTPWwcRRSedSwKQEKEiAqkKyiCwOfdu73zHikMJiSKCLFxglJQRLMzs_bgvZllZvf24ioiAqVBOip-RLH33dkWECFSUiCiMwWSJaQsReQipkiFaJBAaY32bCniSfve2_dN8X3fvPlkmB2QJjK6v_KO3pRxTOdbdbd2-qpUXOe2dulKzXPr7pnaVana_plav0qm95rX9Ovuy7Xzgm3o-Ybrua7nerVz0ohI9-enKGRyu-PVO27db9S9lo---f-_zWZgqQPeOyAnIXn5zMPofUg2ger-cFbYjVQnr77VzWKaaoMe33lPbSidK3Qft5FxEKmd49PQtiTkixlotXOsALo3rhQglCWZef4BQrVzTBNhb-uIaRhDKIT8KeS9CUQ8gaQTMH0Tkt8jAOO4tAzV3b6kTU6vH6G0Qksy--gfyLwksw9OQXW_X4plv3ZZx1kqtbLoRwVkfwK5NkGS7SLddCDzXbD0I0j-G5l_dBGqO162sYbk-y9FfhRGwmvPRdRvzPlCeHNBuxPMRTwKg7bf6oQtPrVIRhNQ6yCrPukgixxkiYMu36_5buAzjzbbUYezBdenvs9F6HaChuvSDltAxiruA6TJACwegJmPtxO-nm70xqnJxDhTzA69naNRazrbqmatoXc7u5bEjYWW1243vKGHxNzAhhzAZHdh1wtYPgOblsR59wZ6vEAuCHJLkFOCXBLkKUHeK7Z4bBu22OaxzULvuDaOa7MY6XRtSLd0uiYUATUDGF6MZfKhvQmWnhhtRpaPdJVomBYjGvJimByQZ6sbcbb_WsWG2K95Hm0ttJsioLzt0ZbHOlGDL7iNdhDQyA9CWFlA2pmpj5uyJCuD80hkSWbvjxHSXdh4F0yeAM1eBM0L0PUCm-pOmFmphLXCZpbWme6C6wJJOov0ujOMD8hzo9UrS3en23HthXsQbO_1J06qzz9d_gPMFEhMgQ_kLwRr8a3Rqs7JeFXnltxZTlLZlZu02pzLKU3F7Ldvi-u5NvzCWTv45g1WAVV7-4qw6UWquFRrlny3JDkX5pw2TJCfLtirIlzJ7PpSZlSWXFx589yFbmKEtVKrCagsyZNfvwImS3Lq9OL0VbT-fQiW3IBN9hZ__LKKr2A1QZg4iGVJmqd-RSz2Frfq9_PDw0PQsIAVjzWFYu_nv8k0hvYW1owDmt6E6hbomQK9uACNB7DZiVGamL3F35vTQBg7ozA2zjiMTfzZkVdW7teipmgw1w0W2l4ziITX9DmLWoHf4W3qNpsCqS3l03_2_wsAAP__OcX3xbwEAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:22 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+c434f5f41fd3bbf35ab17185e735d0e3=6233297; expires=Fri, 07 Nov 2025 18:31:22 GMT; path=/; secure; SameSite=None\niprc_l:6233297=1; expires=Fri, 07 Nov 2025 18:31:22 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 4\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dbe6567ea02381804d5166b244299892\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/assets/index--e4MNg4t.js","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /assets/index--e4MNg4t.js HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 485063\r\ncontent-type: application/javascript; charset=UTF-8\r\ndate: Thu, 06 Nov 2025 18:31:18 GMT\r\netag: W/\"766c7-19935eacf48\"\r\nlast-modified: Wed, 10 Sep 2025 23:16:45 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: 402903cd80a0b2f479a6108db24c32fb\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":485063,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (37534)","md5":"e4399f7c5c67cbf8f093532917e02c6e","sha1":"0f87f3af37c05234831eacd08d5f6b65a18e521b","sha256":"9730711cfaabc39493b3d4038c8ce35f1dd6123ea0d15a8ccd79746524a921f4","sha512":"f1a2414e14b049a8ad4fcdf55360e9d5894f616ee19f5595d880445ef1071ef668b5c36c019b0e6e21d9fab41a003b2369e37796f3638ee1f100d71e2f2bb37f","ssdeep":"6144:XQbSUHKI8ubyIdYT6BYkYBAugyVaKW33C2aksnSCpL:hUXK3kYBAuJJW33C2USy","tlshash":"48a43b58b051fbbdaeb709e2543f8029713e1b15e90e88a0f07ce8752774506b267bed","first_seen":"2025-09-14T09:54:54.90887Z","last_seen":"2025-11-23T06:20:47.114097Z","times_seen":21,"resource_available":true,"data":null}},"time_used":340,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":155,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flexibleno.com/cf79cd585778f644d39f030467538e4b/invoke.js","fqdn":"flexibleno.com","domain":"flexibleno.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:18.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flexibleno.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 31 Oct 2025 21:26:59 GMT","end":"Thu, 29 Jan 2026 21:26:58 GMT"},"fingerprint":{"sha1":"41:AD:72:45:50:DF:56:91:5F:F5:76:98:D8:33:10:1A:92:32:82:EE","sha256":"34:F0:55:DE:FD:C2:5A:E6:DC:70:E1:81:FB:DD:AE:55:21:21:41:1A:C4:7A:96:FB:5D:D7:DC:53:38:DF:5D:C6"}}},"request":{"raw":"GET /cf79cd585778f644d39f030467538e4b/invoke.js HTTP/1.1\r\nHost: flexibleno.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18544\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: flexibleno.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: afa7d2ccc30875cde41b8f96c2fe81f7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46512,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46512), with no line terminators","md5":"ba1cbebbbbda09a1cc9d10fd14cfd6b5","sha1":"751530bce2ec43c5e8eab53a28324f22cbd7c5ca","sha256":"96175b78d8fea90e37f4d0eaa4bba27b873333c95865d745a86cb2bfa6d87494","sha512":"eba589e30037de7fb56ee98716ae884397a2d696f4d0decf4c6e34f1571a763f2707261fe0dd03be39015a665c6aef1f11c3fd6fb31aa011088a2aef764b6457","ssdeep":"768:Z05/C6gfHBHuf0NIjEqeJMtQIHKmt2FycS2+S:Z0I6gfhHuf0NMEqeMQIHKVQFS","tlshash":"f723f7883fe0f66b07727437126fd11ffa6acc019888cc5cc946e5a92f68b19e536b45","first_seen":"2025-11-06T18:31:50.811247Z","last_seen":"2025-11-09T12:51:21.264803Z","times_seen":2,"resource_available":true,"data":null}},"time_used":761,"timings":{"blocked":285,"dns":1,"connect":92,"send":0,"wait":97,"receive":94,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"flexibleno.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"flexibleno.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"flexibleno.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.311579502583.js?key=cf79cd585778f644d39f030467538e4b\u0026kw=%5B%22angel%22%2C%22city%22%2C%22spa%22%2C%22-%22%2C%22massage%22%2C%22in%22%2C%22east%22%2C%22hartford%22%5D\u0026refer=https%3A%2F%2Fbusinessesusa.com%2Fdetails%2Fangel-city-spa-ChIJ3R7\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.311579502583.js?key=cf79cd585778f644d39f030467538e4b\u0026kw=%5B%22angel%22%2C%22city%22%2C%22spa%22%2C%22-%22%2C%22massage%22%2C%22in%22%2C%22east%22%2C%22hartford%22%5D\u0026refer=https%3A%2F%2Fbusinessesusa.com%2Fdetails%2Fangel-city-spa-ChIJ3R7\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://businessesusa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:19 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://businessesusa.com\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.311579502583.js?dev=e\u0026key=cf79cd585778f644d39f030467538e4b\u0026kw=%5B%22angel%22%2C%22city%22%2C%22spa%22%2C%22-%22%2C%22massage%22%2C%22in%22%2C%22east%22%2C%22hartford%22%5D\u0026pst=1762453939\u0026rb=\u0026refer=https%3A%2F%2Fbusinessesusa.com%2Fdetails%2Fangel-city-spa-ChIJ3R7\u0026res=14.3095\u0026rmtc=t\u0026shu=8ab2f34c1d48280053567dc2a7f2daff4b183eb4148be28b574383bbe88e0cf5630afcaf3a6deb51184cd90e347e00fb8ba93fe9868347b36baff096a9977fdb172e039730f93fa4270d7c662586f13df3ebbf9f0216d97ea6c131\u0026tz=0\u0026uuid=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d%3A1%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; expires=Thu, 06 Nov 2025 18:32:19 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e57d963565f4189562e44422f40d698d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4590,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":549,"timings":{"blocked":165,"dns":1,"connect":100,"send":0,"wait":95,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=2716\u0026rd=2716\u0026fd=546\u0026bv=25.10.3610\u0026tmpl=136","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=2716\u0026rd=2716\u0026fd=546\u0026bv=25.10.3610\u0026tmpl=136 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:20 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":763,"timings":{"blocked":327,"dns":0,"connect":106,"send":0,"wait":108,"receive":0,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/9e/5c/35/9e5c35385d0c5139cc819db9c5ec3f9c/1756656395.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:20.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 08 Sep 2025 02:32:56 GMT","end":"Sun, 07 Dec 2025 02:32:55 GMT"},"fingerprint":{"sha1":"F2:37:25:60:C4:34:06:EB:37:74:9F:D1:9C:FE:63:47:1F:30:4C:58","sha256":"AA:72:28:9B:C9:B7:77:AB:D7:89:4F:AC:CB:86:72:85:1D:1B:E5:15:4D:07:7B:D9:77:0F:D5:BE:92:06:8D:71"}}},"request":{"raw":"GET /cti/9e/5c/35/9e5c35385d0c5139cc819db9c5ec3f9c/1756656395.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:20 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65091\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 16:06:35 GMT\r\netag: \"68b4730b-fe43\"\r\nexpires: Sat, 08 Nov 2025 18:31:20 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65091,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:29 16:17:27], progressive, precision 8, 300x250, components 3","md5":"026ecb9ebfc333b46de99a35ece1ed63","sha1":"4945bcedd091109a3c43834502a9301ff5009087","sha256":"02fdce35ad465cf23a8baac4d505a51a7756c6d865f5d311389734c5c601416b","sha512":"e4756406638971996514a6c286a7dfafefee9e4bc76f86f557104ed8aaf4d3a513d13229756cf689e23e7d4e41beb3ac3a0aa75d3789433c5442f387d3073279","ssdeep":"1536:HT8CEOavT8CEOa2GYL1Ql6B2mQmW4aO1R9snq7ji0kZsUdCWTkLNVUQBq3:z8C7u8C7sk1c6BfQmjaO1d7jijFYLNVS","tlshash":"7953e040e682cc32e9e6d8b990f5c2b573329e906af39e40f49e64427ff87d5ac48153","first_seen":"2025-09-02T19:57:23.459951Z","last_seen":"2026-04-03T08:46:56.914433Z","times_seen":906,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":150,"dns":20,"connect":19,"send":0,"wait":21,"receive":42,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/utility/default/robot/3/img/moto.jpg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/notifications/utility/default/robot/3/img/moto.jpg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Nov 2025 18:31:21 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 67346\r\nserver: cloudflare\r\nlast-modified: Mon, 30 Jun 2025 11:15:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"686271bb-10712\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1017517\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uCFx2DI8%2BaY1I5344gGEIMC0KvrJOrFej2sLJ2JIWhVLMx7YhnIZDu4Stm7pxDXbgkyLYfYv%2Blhx0cQKKfoOHi63Oi83TgphwmZadNCi\"}]}\r\ncf-ray: 99a6aad56eaeb4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67346,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 979x977, components 3","md5":"9332b3326cc361a4a12bedd347c0627b","sha1":"a664493b30154627e0111431603effa83ea3501d","sha256":"3a3e2f3cbb2612be427015f9d7890a061fd43d926f3e2c5520329cd9a98caecb","sha512":"d1eac35f0c2769d9abfe98b4f0c74a00a376f272783f07993900b45401a7aa2c2c6e3d9f92f3e02754cfed0e36244a4b0f28dda9c141ad3a69d4fa97080db31c","ssdeep":"1536:4RYzKW/1uASQjsyb7b3wPbmFMexScznEZ6YTjIpxzRE2:sW/TzsyHOalxFzne6IjoRm2","tlshash":"ee63018e7e45d5dc4fc8db61bc1eaed992861936044af1e2092c7a03967d00db539ecb","first_seen":"2025-07-04T18:28:09.271582Z","last_seen":"2026-03-15T18:29:56.081599Z","times_seen":1497,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"businessesusa.com/apple-touch-icon.png","fqdn":"businessesusa.com","domain":"businessesusa.com","tld":"com"},"ip":{"addr":"34.111.179.208","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:19.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"businessesusa.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 05:24:17 GMT","end":"Sat, 10 Jan 2026 05:24:16 GMT"},"fingerprint":{"sha1":"93:F4:D4:D7:CB:C9:11:FE:94:C4:B8:2D:A4:F3:37:7B:DF:E0:85:F0","sha256":"CE:9D:D8:89:13:96:6F:90:EB:DD:DB:1F:2F:F4:9E:A8:B0:BC:A5:B0:37:B6:E5:3C:BA:F9:69:E4:4A:6B:95:DA"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: businessesusa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/details/angel-city-spa-ChIJ3R7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\ncontent-length: 3844\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 06 Nov 2025 18:31:19 GMT\r\netag: W/\"f04-19935eacf48\"\r\nlast-modified: Wed, 10 Sep 2025 23:16:45 GMT\r\nserver: Google Frontend\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nx-cloud-trace-context: ccb3c3313b91977579a6108db24c305f\r\nx-powered-by: Express\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Google Cloud Trace","description":"Google Cloud Trace is a distributed tracing system that collects latency data from applications and displays it in the Google Cloud Console.","website":"https://cloud.google.com/trace","common_platform_enumeration":"","icon":"google-cloud-trace.svg","categories":["Performance"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3844,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"0e79080d288a01181c6759f7e0cfd5bb","sha1":"baf0c2312ca1b056a4b6d8a8d2b1c1391b5a7f1b","sha256":"d34a1c76654206e0d1f3a5f8f9dbe3a5fa83e07509ef33e7b06a1ce1d5ef437f","sha512":"b122b3140730eae2ad8779ee1cc4f730c4c51ba97dbef078519a09c4a2329c2e636f88fbed7b9270d2274ee13c9baf4c79708a182418e4530de5bb49cbb9eb65","ssdeep":"","tlshash":"b081125388a1cc3863204224ace2f854d666a34f87099c54bb9e80d91fd1fd5c6f33f5","first_seen":"2025-09-14T09:54:54.903409Z","last_seen":"2025-11-23T06:20:47.116476Z","times_seen":21,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=7008\u0026fd=552","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=7008\u0026fd=552 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:21 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=563","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://businessesusa.com/details/angel-city-spa-ChIJ3R7","date":"2025-11-06T18:31:21.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Futility%2Fdefault%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=563 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://businessesusa.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzUxNjYyMSwiayI6ImNmNzljZDU4NTc3OGY2NDRkMzlmMDMwNDY3NTM4ZTRiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mjc5ODE1LCJwaWQiOjMxNzM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6ImRiYzN5am44dCIsImNwa3MiOnsiMjgiOiJjYzk0ZDMyMTQ5YzJiOTg2OTAwODM3MGQ2MzI2YTQ0ZSIsIjI5IjoiMTFhNTc2M2U4YWQ2MWE1MWM5ZjJkNzAyNjg4YWY0OGIifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjI2NjU2MTExNSwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEzNjkyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMzQuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2J1c2luZXNzZXN1c2EuY29tL2RldGFpbHMvYW5nZWwtY2l0eS1zcGEtQ2hJSjNSNyIsImFyIjpbXX19.DRCrLHV7WkhOHWaFcIN_CF7bXYV0V8GK4SxMJGXyRYI; uid_id2=f4fbfe16-fa42-4ee1-8698-fdfb86459b5d:1:1; pdhtkv=true; uncs=2; pdhtkv5=true; uncs5=1; u_pl27516621=1; pdhtkv29=true; uncs29=1; u_pl27716434=1; slec11a5763e8ad61a51c9f2d702688af48b=[6233297]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 06 Nov 2025 18:31:21 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T06:46:00.057853Z","times_seen":13320224,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-06","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}