{"report_id":"a1f1a9d2-79c2-4e3b-bacb-17ca43ff649c","version":6,"status":"done","tags":[],"date":"2025-10-12T12:37:04Z","url":{"schema":"https","addr":"blender.biz","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"172.67.142.232","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"blender.biz/","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"title":"blender.biz | Bitcoin mixing service, Secure and Anonymous Bitcoin Mixer"},"submit":{"url":{"schema":"https","addr":"blender.biz","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"172.67.142.232","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-16T12:37:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"blender.biz","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-03-21","domain_rank":0,"first_seen":"2025-10-12T12:37:04.453674Z","last_seen":"2025-10-12T12:37:04.453674Z","alert_count":33,"request_count":11,"received_data":355314,"sent_data":5002,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"blender.biz/","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"da8c86a7bc224aa52f4af5279443184f","sha1":"b95ea423203a23383de7688e0070510d5ec34f49","sha256":"440aa661c7074d5d5b62d6c333a3ee58f1efc2ef9e265f852c312cffd6f25937","sha512":"2995afcec1af2615468d70b4ba681d5ff6f9928b5094939c627bf52b98d3d3cf5c945e6b96bc2fa0b7bb49fa3b83cc98042cff3f8ec87b0bdbd11cad5f20554f","ssdeep":"","tlshash":"33c0928967069db2aafb2b404f3fb604b4463670aca11c314a16a348ba31d17ab98c60","size":144,"data":"","first_seen":"2025-10-12T12:37:08.219412Z","last_seen":"2025-11-18T03:59:52.598861Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ad79eb1834061a5a6e8f3feeb4d452df","sha1":"11a4712a62072d3c3411874a2f422dc729329746","sha256":"e2f3242e5eeea9f79459a57e029ef0433308c7c04af6af3ea2f06265f144ec19","sha512":"be8d0ff6aa86986d8667e710a15cccb8b550e85de1be61bb2420d64c54513eb8c51a959936bbd88b0537fe86e51f13e2b01e86b047af52ce600c3fc234c45ea3","ssdeep":"","tlshash":"b44127e154aa6ca40910b8679e0176087cf110ff369b5335746c6c737be2478cd69ad7","size":1941,"data":"","first_seen":"2025-10-12T12:37:08.223643Z","last_seen":"2025-11-18T03:59:52.600078Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/gtag/js.js?id=","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"82448bd56ce2abc52f084408b3bead5f","sha1":"d9e169f227e4da894a8ed7606311f973c5a80a22","sha256":"3be407caeb143d275e8aa73b3f795a3d4e67100bcda2187672af5a1095468014","sha512":"36a6afee60bbcea3b8237790904caa652a746eadc73e3c9bf4fcbb3e7671b01fb8706222480a4030d2809b9ff96d8dce449c799227bd5bd57b4ccf785a94bd26","ssdeep":"1536:E0XPrqVhR0kp6f2LfUKmgGd/EROLiQZv/26bidlmv0XQQIwxsQ1w9MKPhtdPQn90:E0XTQhR04MKexLRRWcQIQsSC","tlshash":"5fa3f9d9b786b466c2a3b4b8453f400ba1bb6d91f888ccd4e186d5c02e7869d407bf6d","size":101817,"data":"","first_seen":"2025-10-12T12:37:08.187135Z","last_seen":"2025-11-18T03:59:52.59598Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"blender.biz/","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-12T12:36:41.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 07:12:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DoRWdmdcewip13HRKwGf6WyyckwFEsVodZ9J52ndOTkGg3iu4jmezxedOLHXWSVDn3kTz%2B652v6Wxl0tQYSx8AhBPu8WqSfqfg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98d6a4f3a991b4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15140,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"76fb93b104d20dbc7e67648bae50858e","sha1":"141523283a9767c3d645adf3fdd6726989c1d053","sha256":"c50d61e7bc73627c8f9e0adb03360228d5d2778f7a55e7651c14e350e105c187","sha512":"72650314103254cca599806ee6ba2714131cfa1562035391fbee4729c603c673eb06f1b202c9dd7dd4fa7c9d5a0dc40eb2c6c60ab2a7aceaba66edd4b79d456e","ssdeep":"384:ZfmJm04u4udZf4pFdcsa9jtdIAKWQtfs5A+Vv6K7WfsRqFVvifsRqpdsWYrL56Mg:Ze0pGNMDZMI9C","tlshash":"af621024358da83b026701cb94763f04b1efcd71d96a41a6b4fc57f723d2c68e927526","first_seen":"2025-10-12T12:37:08.167206Z","last_seen":"2025-10-12T16:11:18.154403Z","times_seen":2,"resource_available":false,"data":null}},"time_used":601,"timings":{"blocked":234,"dns":27,"connect":1,"send":0,"wait":128,"receive":0,"ssl":208},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/css/core.css","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /css/core.css HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:43:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gIuQcC4Ga9WYuH88jk%2FXg9YcspvkBnNnVlMSWnX%2BK19ZxrnRgEe9GCZ59xFLN8QnvZeDgrR7%2FIYzlBvugGlRs%2BUgfffKCGM19gWD\"}]}\r\netag: W/\"67e0ff2e-10144\"\r\ncontent-encoding: br\r\ncf-ray: 98d6a4f5ac2c0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65860,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (664), with CRLF line terminators","md5":"f93eaa2db5a5e280b09e49db776e73f2","sha1":"f505aa5c28be493ccd0b36c0f58c657ffde2dddc","sha256":"578ccf3d279d833a95fa035ceb05a293a074c3fdcdfd3418af2ca0f738a1522f","sha512":"61008519608213832ed6385e22028db0db9e52a1a254e41d28b0f5d1f55f501cadcfe12bc4696c0d997304551a1c93e2df79a4565725962086ebbe2e31682d30","ssdeep":"768:BAOLgwEhvsg8jbE+VOV+MCHznbLtCK56wib771GHZLO7BipQvUso:BnL+OHbERVCw1GHZH","tlshash":"f053ec83f6926148501757d5e1b7fbfaee7c910163429cf6e8513a288388ee305f2b5e","first_seen":"2025-10-12T12:37:08.173726Z","last_seen":"2025-11-18T03:59:52.587668Z","times_seen":3,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/css/style.css","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /css/style.css HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:43:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DNSysoW%2FgQUl0wQ5zM35Kvx%2F457iPsL7HRNUlZBR73CzK%2FTF4vZH1jRDCPacTDnGxfsw9uStRPeYGQc2Y%2F3YC5XKqhfmJGJJOqQG\"}]}\r\netag: W/\"67e0ff2e-2c4c\"\r\ncontent-encoding: br\r\ncf-ray: 98d6a4f5ac300731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11340,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"209a8708a04098a21db1bd9bfd0f794a","sha1":"45b2665a440eb4095a6c4697b9a1434740ac2d7d","sha256":"5b32c000eb21f0f0f24cd0a881e748615c4a4b322e3d2ff8f5f914fef11f560b","sha512":"fe6a7b7bb6e076917eb3c9e8af89ad396c71b86b4c4b4c7a011ecf3a142d4a9d544a1badecf038575c7d7915661667c9354efd205351f6b7f32bec3f93320052","ssdeep":"192:AbdLqp0qQ+eWj9x5K34R8ZShr8er8j689a2DPgC+y:minr9Lq4IoaP4CT","tlshash":"483243273317530895169385f8f7c7a4af29c050a34b85feeedb0424da8d5a017f6b9a","first_seen":"2025-10-12T12:37:08.182092Z","last_seen":"2025-11-18T03:59:52.589144Z","times_seen":3,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/gtag/js.js?id=","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /gtag/js.js?id= HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:23 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SKWXfS1tDt8YJSz9eM4%2F1SuL7l3XAKsA%2F%2BjnNr4%2FDOsrvEypI2py%2FajPZ4B4Rz7RIq9u26nrXQlipPo%2FbEXAEQgUHoliAPgCTcus\"}]}\r\netag: W/\"67e0ff47-18db9\"\r\ncontent-encoding: br\r\ncf-ray: 98d6a4f5bc340731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":101817,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2527)","md5":"82448bd56ce2abc52f084408b3bead5f","sha1":"d9e169f227e4da894a8ed7606311f973c5a80a22","sha256":"3be407caeb143d275e8aa73b3f795a3d4e67100bcda2187672af5a1095468014","sha512":"36a6afee60bbcea3b8237790904caa652a746eadc73e3c9bf4fcbb3e7671b01fb8706222480a4030d2809b9ff96d8dce449c799227bd5bd57b4ccf785a94bd26","ssdeep":"1536:E0XPrqVhR0kp6f2LfUKmgGd/EROLiQZv/26bidlmv0XQQIwxsQ1w9MKPhtdPQn90:E0XTQhR04MKexLRRWcQIQsSC","tlshash":"5fa3f9d9b786b466c2a3b4b8453f400ba1bb6d91f888ccd4e186d5c02e7869d407bf6d","first_seen":"2025-10-12T12:37:08.187135Z","last_seen":"2025-11-18T03:59:52.59598Z","times_seen":3,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/fonts/OpenSansRegular/OpenSansRegular.woff","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /fonts/OpenSansRegular/OpenSansRegular.woff HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/css/core.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 27336\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:13 GMT\r\netag: \"67e0ff3d-6ac8\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u4AuEcbb6%2BEP9twmDmRSrf6%2BCtNd%2FaFEBr7NU7Sn9kAVktvLrFCz1T%2F9ed7dbvENm5XU7oUWDlJPO%2FHllkX5Vnfe0wInWH%2FVItME\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98d6a4f72fc10731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27336,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 27336, version 1.1","md5":"0f7c77932ea877aca544e439a3e63bb6","sha1":"7a443f3919b08b8a4983da0720b5f7a8e901fe5e","sha256":"caeec0b59ba7ea579ce20d9b84e6d9b4a55ff0d4bd27126b0929b3d2de644cd4","sha512":"23c3b08c1269577864822a42a8e609bbb4cc50625c6d71e5be53c7b7cd6bbc7c5422dbff3c6436af5ec1ed7bd37665907fe56039e88b83b013513cf90cc56ec8","ssdeep":"384:wOwyQL2EjzO2F4UhW0ERNlyIh0sMzbeYSc/gjRRNOoeFKi2Hm66mPcKPm+Q8f840:wUQJLxkRNNh3YS2eP6FELxlXk","tlshash":"dac2e1f7f7389d0ff80e8b36fc5b022c660ef65e8d22c627d7728a411660be95051956","first_seen":"2023-04-07T12:59:25Z","last_seen":"2026-04-04T08:28:38.996705Z","times_seen":336,"resource_available":false,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/images/touch-icon-ipad-retina.png","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /images/touch-icon-ipad-retina.png HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 2555\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:28 GMT\r\netag: \"67e0ff4c-9fb\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hroCKYHnFtvMLXkFjKDZIOn08sgBAMWuJ0yNgvG1qlRjI44Atav7cff%2F2ttebCUQm13cB0Uk4v2zct5yPi2KxJ3t1it5e%2B070cyZ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98d6a4f85a8f0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2555,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 152 x 152, 8-bit colormap, non-interlaced","md5":"91fdeaf1dcb252a05160c26530a6de6d","sha1":"90e98282791cd6c6d99a146c5be770c22c5c2f75","sha256":"458ba009a7bff3c8ad634e09eab53cf12f315e68ede78f037f11f9ef92c2012d","sha512":"da1e387af73fa687d374877ab4e9589ea3f7c753db713ea6104e73bf391f3a73bf1f2500ae537d33205e2dfc38e4cce92ff9db7caba245dace8565a0f8215b0d","ssdeep":"","tlshash":"47515c029a4fa26bc26a828d8331017afa1aacd035e5248df4c6c45c6f61e163d714c1","first_seen":"2025-10-12T12:36:39.276876Z","last_seen":"2026-02-12T18:26:15.976052Z","times_seen":11,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/images/blender_pic.png","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /images/blender_pic.png HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 41486\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:28 GMT\r\netag: \"67e0ff4c-a20e\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w%2BMoT2gP0fxF2L45mx0kceJl3H5RFtC7MpvKBXhJm8VX3Yj7i0tU5BPw8lQlIkWKoXJYlfu7V%2FIGyQ6IPgloU%2BSv7vzNf7RgAH8d\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98d6a4f5bc3b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41486,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1272 x 851, 8-bit colormap, non-interlaced","md5":"9ba72d68d0fb8f3f5f07903e943a6db8","sha1":"87fc58f04f7c91455b1971f4cc712f25b7ee7b38","sha256":"c9a188f0dd755af900bbaa5a67d8b3cb10bccd23dc39ec127c01e280ce4fae77","sha512":"46b43d0eb6ff1dce7e477248a3cc14d2f3e2aaf0cf7d918bdcf90f8b8112ed4b4a3381bbec526e948bca43290a36ea44edee242a8dd4f84bfb14d34dc51bf36b","ssdeep":"768:wN49xdAyJeCt31b9TImqZ9l5y313IDvkeeJRByGTMdofifoe3WYG:hdmCtFbkjy3eDER3CofifoemP","tlshash":"b513011a35e525e1f6968533c00c23a73c7f00d95d247bd43ef38151a90d8d2afa89da","first_seen":"2025-10-12T12:37:08.197232Z","last_seen":"2025-11-18T03:59:52.594999Z","times_seen":3,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/images/sprite.png","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /images/sprite.png HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/css/core.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 3903\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:25 GMT\r\netag: \"67e0ff49-f3f\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LFDvtYQ6nXFbQJ5EkOlQWVmoCXihYXo2mxnPJVqK1KdD8gcvCp34AwCYfuxcVrsBwL39pQdFU0tX7h6zlfDFOw2W5XK8Hd0OZw4D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98d6a4f71fab0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3903,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 144 x 123, 8-bit colormap, non-interlaced","md5":"3ae2c92517c2348e87d904188bb56d11","sha1":"c20f29bcfbd6a5f2e49117cb78d145538dc733d2","sha256":"9c802ae51e6ad528657903ff7c8701be3b1de47f794173c3e49f82a6ab9dd81d","sha512":"c4e49e0f8e60f23940ff41afc4d67bb53af9ed3f2c737f5e343135bb3e1d7b5c5096bbb8459634b69489f4e669820e68321b571bd57c06bfc0ce2f97bb61536b","ssdeep":"","tlshash":"3d81277c141847e9edce1c66a6e7200497a33d9c2d130bb0fded098dc7abb005582f92","first_seen":"2025-10-12T12:37:08.201351Z","last_seen":"2025-11-18T03:59:52.590733Z","times_seen":3,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":121,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/fonts/OpenSansBold/OpenSansBold.woff","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /fonts/OpenSansBold/OpenSansBold.woff HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/css/core.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 28124\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:16 GMT\r\netag: \"67e0ff40-6ddc\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QJmKXU547y5Qozrm9aN8Sfvi%2FLp82v%2BCy6W86NV7K3lZ1YqnrkrzWjzRznGHSck6o4Z8I%2BXWe1tuIR7OtEhyt7%2FpbiaItpq15FYN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98d6a4f73fd40731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28124,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 28124, version 1.1","md5":"eff2996162fdfe7c6af7995d3f790275","sha1":"1da200a9dabb64b33044126a324a276bea71a557","sha256":"36d1c6e6cb110da154dae5f43fc00c59d205fef10edd9f5cfcef1d88da48d7fb","sha512":"3902c7f71471e1e9e2098594c89a85240c78f529eccaf509ac415b1f7200061004dd39e73b86fe0bd0335f2e3405508c2491aebdbbd0f7bd8edf31b43d262281","ssdeep":"768:S24+BzzaLbw6n3dHfOyngx7/imiz8qPWu0ZbUJ:EozzY8Igyg1XGrPEI","tlshash":"d5c2f18109a77bdee7005630f7db3b0946b0054288a71d4ecfeb8e605d816fad3d622e","first_seen":"2023-04-07T12:59:25Z","last_seen":"2026-03-31T21:29:36.003336Z","times_seen":258,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/fonts/OpenSansLight/OpenSansLight.woff","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /fonts/OpenSansLight/OpenSansLight.woff HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/css/core.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:42 GMT\r\ncontent-type: application/font-woff\r\ncontent-length: 27984\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:19 GMT\r\netag: \"67e0ff43-6d50\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JGsjAIsfNzoVV%2FgPKubxAqvxLwM4GH%2BVRyLSr5zX9goyZ46kTOZUdY%2FE3JPbnxPBUfkaMSvsVH97tVUFbnPhZSl0LVmNzvOAM6tJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98d6a4f73fda0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27984,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 27984, version 1.1","md5":"f5e96f06811c03c019d10f2a8402303a","sha1":"76e412a10cac3758d8198cc06abf912773385db1","sha256":"42f31470a0d3bcd63fd438ba71def714f8de35efe64390fac3b7dc6bfab46479","sha512":"bb8ab9e841b11406a353c302da5606cd5d5dbb703d1262cb168bf1aae85a8debf9352b3eea74efb5c63ae5edf3501500f40de44299933f8f116eaa1970d10768","ssdeep":"768:d5Vpqu0Mmv4wyXdALk8egt1kfupVKZspbK:dncvvJLk2Vpkqs","tlshash":"f2c2e17fa77c15c5d55dc77068e0263823621a895fd32eb4f33a06b25a2bb442f62472","first_seen":"2023-05-22T11:10:40Z","last_seen":"2026-03-29T05:30:02.559659Z","times_seen":94,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"blender.biz/images/favicon.ico","fqdn":"blender.biz","domain":"blender.biz","tld":"biz"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://blender.biz/","date":"2025-10-12T12:36:42.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blender.biz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 06:32:43 GMT","end":"Sun, 21 Dec 2025 07:30:27 GMT"},"fingerprint":{"sha1":"CF:9D:8B:85:69:ED:6C:9F:CD:A7:9E:45:9E:2A:65:01:9D:05:EF:B6","sha256":"D1:1F:1B:9A:7D:8E:BD:29:7A:09:C9:5B:60:1D:B6:FB:1B:25:74:98:28:FB:03:DC:BE:65:27:DD:F5:D3:BF:64"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: blender.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://blender.biz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 12 Oct 2025 12:36:43 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 06:44:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EdgxmMCK2MdM%2Bb8IbfrsSSh90LkdYsHXfOHTCsy89Qrb0Kxb%2BAhtwyYZE3kSVQzXOjMctMAoqzlytCqdw3RRJm2VRy1LdIgFXDNL\"}]}\r\netag: W/\"67e0ff4a-576e\"\r\ncontent-encoding: br\r\ncf-ray: 98d6a4f85a910731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22382,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"03335ef97c1a20b360c2de36ac3ce2e1","sha1":"4db6046af95fadc89f0c94886ea306d7af34fa85","sha256":"906b8323ea50d03b6a459551012c34699c1be6579a689cab3fb45fcc076b0715","sha512":"519811ead0ab45ac741903da8ccd6963030089eaf91f5a7420ad5aa6f8098a6bad13a28eadd4a5311d83cdad4d9b31cb8619fed625e4657624275b0877956824","ssdeep":"192:Nms6pF82XxEIEasnMbdQ2I+7ClxHrf1YkTGxcoMPHdkmB71JLq:Nj4ORaSgQD+7CfHrf1YDMVkmfJe","tlshash":"c8a2b7926e82b54dec227970961a8ff05b235ca8d1d5270f57a17f34392d0ef530baca","first_seen":"2025-10-12T12:36:39.320218Z","last_seen":"2026-02-12T18:26:15.976695Z","times_seen":11,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-12","alert":"Sinkholed","trigger":"blender.biz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}