{"report_id":"a55704da-93fa-48a6-bd6b-8ac8ca231b76","version":6,"status":"done","tags":[],"date":"2025-11-04T01:57:38Z","url":{"schema":"http","addr":"fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.252","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"title":"Instant DL Page","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":""}},"submit":{"url":{"schema":"http","addr":"fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.252","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-09T01:57:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":13}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-04T01:57:15Z","timestamp":1762221435,"ip_dst":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":51354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)","source":"{\"timestamp\":\"2025-11-04T01:57:15.794299+0000\",\"flow_id\":231916917489238,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":51354,\"dest_ip\":\"172.66.47.4\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2057746,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_11_20\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_11_20\"]}},\"tls\":{\"sni\":\"fastcdn-dl.pages.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3469,\"start\":\"2025-11-04T01:57:15.786006+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"ghastlyejection.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"ghastlyejection.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.122.8.109","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-11-02T22:44:08.106316Z","alert_count":0,"request_count":1,"received_data":429,"sent_data":423,"comment":"","tags":null,"fingerprints":null},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-10-29T12:17:00.805459Z","alert_count":2,"request_count":1,"received_data":377,"sent_data":383,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-10-29T01:46:39.393433Z","alert_count":2,"request_count":1,"received_data":530,"sent_data":731,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"fastcdn-dl.pages.dev","ip":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-02","domain_rank":0,"first_seen":"2025-07-31T18:58:47.790797Z","last_seen":"2025-10-17T09:47:54.549232Z","alert_count":0,"request_count":4,"received_data":194512,"sent_data":2941,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"skinnycrawlinglax.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":38609,"first_seen":"2025-07-09T22:28:05.771371Z","last_seen":"2025-11-03T07:20:40.565541Z","alert_count":4,"request_count":1,"received_data":520,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-10-29T06:43:10.669425Z","alert_count":3,"request_count":1,"received_data":85963,"sent_data":378,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ghastlyejection.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2023-03-24","domain_rank":704843,"first_seen":"2023-04-09T03:04:08Z","last_seen":"2025-10-19T19:36:46.939288Z","alert_count":2,"request_count":1,"received_data":107607,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-04T01:57:15Z","timestamp":1762221435,"ip_dst":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.17","port":51354,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)","source":"{\"timestamp\":\"2025-11-04T01:57:15.794299+0000\",\"flow_id\":231916917489238,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":51354,\"dest_ip\":\"172.66.47.4\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2057746,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_11_20\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_11_20\"]}},\"tls\":{\"sni\":\"fastcdn-dl.pages.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3469,\"start\":\"2025-11-04T01:57:15.786006+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"64e5e20e44a7c7f3fe3876c0a78d99ed","sha1":"4311552ffabb7db0a892e042c9e11d70737c33d9","sha256":"0f77d56c1561accc9f7f8722b1aadce45877fcf71faec8abc8a6195d056c17e6","sha512":"d988458304c9f6eeab3c06bc008a4eb8349279a8583ea7ad6c1a018a6b53dfa44b094b3ec4ce5a5c099c36d815b158dc3f1f21862758ff66f834b66eb80a6d22","ssdeep":"","tlshash":"2ef0590c1263e2bd02b71192939bc3e4707622a73408c109393ccbc02f6bd6ee1035ea","size":518,"data":"","first_seen":"2025-03-15T09:03:26.152473Z","last_seen":"2026-05-10T22:46:07.25063Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js","fqdn":"ghastlyejection.com","domain":"ghastlyejection.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c065859f024ee67ef05c2a9262ebf070","sha1":"3775eb56aac353c644c9297421ce47505aad422f","sha256":"ca8df319f396c4bcd1b1750a83864f8205a10438410b0e2b1432aef2ad14e0c9","sha512":"06e6dfce67ccdfdd192e9d41e152091fe5fc5522ac1fa658ec8db93011b66d9c9f656f46598bbfd34cd9afc525f2eee88584cf7b471cdc47529613a8315e462a","ssdeep":"1536:ombT0jLlKHI2HTXYao6R167ET/Dei89ZHf5nMJAbzsYoxcLT:otY3LKKJkVL","tlshash":"7aa3b6cc3f81f06d466a68b3123f800bf12e6d55908ce9dcf913e1e99eb8b5b9539524","size":106762,"data":"","first_seen":"2025-11-04T01:57:39.160546Z","last_seen":"2025-11-04T01:57:39.160546Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-04T01:57:15.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fastcdn-dl.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 17:43:16 GMT","end":"Sun, 07 Dec 2025 18:41:57 GMT"},"fingerprint":{"sha1":"1C:71:8C:E7:D7:A8:D5:95:D3:E5:59:1D:A9:0E:3B:23:01:E6:B6:F1","sha256":"92:35:1C:18:17:8F:E5:A2:0E:AD:3B:B2:5B:17:DD:73:D5:B9:DF:D6:21:EB:66:1A:00:5A:5D:2C:AD:23:AC:E6"}}},"request":{"raw":"GET /?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq HTTP/1.1\r\nHost: fastcdn-dl.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 04 Nov 2025 01:57:15 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fG8qfYGHLrHxJVva%2BBLkgC76GbtqKP0NjWsaDlp4GTMyULfis9Z6J3%2F96VbMzg8dDJhoWSYg79a4RW7r%2F1VA9FeM8dVUZED20LEBXH4ZjZHyhA%3D%3D\"}]}\r\netag: W/\"8a3f641bf27df4cb497086aeee612463\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 99907fe5cf1a569f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6291,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"2df6d2fc061626a9bad0cc3be15e3491","sha1":"4e9592335fb97995d257883ed818728f960049d0","sha256":"f58ef1b13c1a339cc0629ca8cc82f069ee60a27bcb00f7e50d86ae93263781cf","sha512":"9b3c6bdb476a9f436aaafa97b0e6fb25eccb70ceb0b1a79a73f07229fab4329fd4b84ab8714254d7d6ba631c06ac2072d2ee1d0a3905d8f0ab2405a404f89df4","ssdeep":"96:RdhY12LGt2/+ZLJiyG3Ro1MoEeL1l2FDE4fwbq2bNbxiNwk:ZYpBJp8RImUH6DE4uZVIZ","tlshash":"f7d18725ecc5081d00374690fbce6e24fa4ed19753498ac870ac2637bbf8d0ad497a6b","first_seen":"2024-10-12T22:59:19.163397Z","last_seen":"2026-02-15T10:38:04.902301Z","times_seen":29,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":26,"dns":3,"connect":1,"send":0,"wait":45,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastcdn-dl.pages.dev/css/dl.min.css","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fastcdn-dl.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 17:43:16 GMT","end":"Sun, 07 Dec 2025 18:41:57 GMT"},"fingerprint":{"sha1":"1C:71:8C:E7:D7:A8:D5:95:D3:E5:59:1D:A9:0E:3B:23:01:E6:B6:F1","sha256":"92:35:1C:18:17:8F:E5:A2:0E:AD:3B:B2:5B:17:DD:73:D5:B9:DF:D6:21:EB:66:1A:00:5A:5D:2C:AD:23:AC:E6"}}},"request":{"raw":"GET /css/dl.min.css HTTP/1.1\r\nHost: fastcdn-dl.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 04 Nov 2025 01:57:16 GMT\r\ncontent-type: text/css; charset=utf-8\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=52lu0evVZmFt9NqWuk9mqtVQkaw7yRCFnlSUPgnHohNl69f9je5I8ewtYlfs4NUnMIsib1Ol%2BNJCRqO6lZ5xAFefZrUTzm77lTys0X2Lm7FbrIcT\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"07d7082556e5d923883eebbd125691cb\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 99907fe70fc42efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":175852,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"eec35fcf6d81d098a99b77b1d5b26b3b","sha1":"303b410f7c4be1537ab6b0fb51b7e91b97c45728","sha256":"be4e052c7f7ac374901bc04faea577b9d1c43b7969f8cd1cd4ed9dc413686bb5","sha512":"6db657ac3f5510b53cf3478c9c813966cd28ea0c51cd67643fabe8e7490ab61abf1d039106532c0dd67c177202e18b4ff0d8db254a75c1918287dbbb115ff947","ssdeep":"3072:uS4GxaCicQL56uJGrsu9qpQ7qZ5OGjwB6nJ0JE7Ql+YHkekWucVtpcWYQGPPJ6If:uSFxaCicQL56uJGrsu9qpQ7qZ5OGjwBo","tlshash":"c304e8e5f47135be70a3c55da0d1bb87261b4151e63a8bbff427669c86ce08a0673f08","first_seen":"2023-10-22T08:59:08Z","last_seen":"2026-05-10T22:46:07.248697Z","times_seen":74,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fastcdn-dl.pages.dev/css/dlstyle.css","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fastcdn-dl.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 17:43:16 GMT","end":"Sun, 07 Dec 2025 18:41:57 GMT"},"fingerprint":{"sha1":"1C:71:8C:E7:D7:A8:D5:95:D3:E5:59:1D:A9:0E:3B:23:01:E6:B6:F1","sha256":"92:35:1C:18:17:8F:E5:A2:0E:AD:3B:B2:5B:17:DD:73:D5:B9:DF:D6:21:EB:66:1A:00:5A:5D:2C:AD:23:AC:E6"}}},"request":{"raw":"GET /css/dlstyle.css HTTP/1.1\r\nHost: fastcdn-dl.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 04 Nov 2025 01:57:16 GMT\r\ncontent-type: text/css; charset=utf-8\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v3429BxjmQGclEEMm6W3Uxx%2FI26OPvLJfjS%2BoMRIQUEYUC70xXnT8hAPi5QdKzJ4vX0%2BPSoz%2BmeWxkBmy2DLfb2kEbqeqY47wKqbPnt0GVqauPfX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"3cfc5508528d839463a06e5a70081e9c\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 99907fe70fc92efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2993,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (344)","md5":"16ad41d52cdc472f7134fe8d0815610f","sha1":"10627c128ffc3f521b42145fa37503c7aaa14892","sha256":"b7c82564b3c074b14920f5c8dd416c45960e7ed7a205154943c7b6415a325247","sha512":"f7050ded150970dbd613c0a82c7522aa7d9a13c8724a7499bc4cb23241e9471ea397d11686db0ed50d98ac3a793bc0a21d1bfaa5d39076bac9bd0deb294dedd4","ssdeep":"","tlshash":"2f5110e575221b9873ab895832c3bec3770f4047c236bc29755e56f0cbda44e16e638a","first_seen":"2024-09-19T21:04:41.305223Z","last_seen":"2026-05-10T22:46:07.249763Z","times_seen":38,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=783\u0026rd=783\u0026fd=565\u0026bv=25.10.3609\u0026tmpl=70","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:33:26 GMT","end":"Sat, 24 Jan 2026 22:33:25 GMT"},"fingerprint":{"sha1":"74:B9:DE:52:5E:A4:22:C1:3F:4E:90:E5:53:C1:13:27:E5:47:BB:D2","sha256":"0D:C6:A2:6A:15:63:9B:67:CF:55:A8:E1:E3:EC:AF:D3:57:2E:38:F3:44:79:B9:FC:61:8A:CD:64:82:05:64:6F"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=783\u0026rd=783\u0026fd=565\u0026bv=25.10.3609\u0026tmpl=70 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 04 Nov 2025 01:57:16 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T17:07:55.698935Z","times_seen":15618608,"resource_available":true,"data":null}},"time_used":682,"timings":{"blocked":293,"dns":13,"connect":92,"send":0,"wait":94,"receive":1,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 04 Nov 2025 01:57:16 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: aa82b280e685df23cca39f9248135bda\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":60,"dns":1,"connect":17,"send":0,"wait":20,"receive":18,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fastcdn-dl.pages.dev/favicon.ico","fqdn":"fastcdn-dl.pages.dev","domain":"fastcdn-dl.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.47.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fastcdn-dl.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 17:43:16 GMT","end":"Sun, 07 Dec 2025 18:41:57 GMT"},"fingerprint":{"sha1":"1C:71:8C:E7:D7:A8:D5:95:D3:E5:59:1D:A9:0E:3B:23:01:E6:B6:F1","sha256":"92:35:1C:18:17:8F:E5:A2:0E:AD:3B:B2:5B:17:DD:73:D5:B9:DF:D6:21:EB:66:1A:00:5A:5D:2C:AD:23:AC:E6"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fastcdn-dl.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=91bd9ad1-1a8b-4e6d-b57b-201d1775780a%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 04 Nov 2025 01:57:16 GMT\r\ncontent-type: text/html; charset=utf-8\r\npriority: u=6,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J%2B%2FRtVz1ubZk40ZfWsUQ5xoWDb2I9MYhNt7vy%2Fk9%2BcAeVKTmfiyOVZ%2BS%2BymSXExIclPVQyaQwmzUtDeXp8MTojvLPHzmKxuRd%2Fr8wutXA%2BvD9FpA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"8a3f641bf27df4cb497086aeee612463\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 99907fec8c772efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6291,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"2df6d2fc061626a9bad0cc3be15e3491","sha1":"4e9592335fb97995d257883ed818728f960049d0","sha256":"f58ef1b13c1a339cc0629ca8cc82f069ee60a27bcb00f7e50d86ae93263781cf","sha512":"9b3c6bdb476a9f436aaafa97b0e6fb25eccb70ceb0b1a79a73f07229fab4329fd4b84ab8714254d7d6ba631c06ac2072d2ee1d0a3905d8f0ab2405a404f89df4","ssdeep":"96:RdhY12LGt2/+ZLJiyG3Ro1MoEeL1l2FDE4fwbq2bNbxiNwk:ZYpBJp8RImUH6DE4uZVIZ","tlshash":"f7d18725ecc5081d00374690fbce6e24fa4ed19753498ac870ac2637bbf8d0ad497a6b","first_seen":"2024-10-12T22:59:19.163397Z","last_seen":"2026-02-15T10:38:04.902301Z","times_seen":29,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ghastlyejection.com/d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js","fqdn":"ghastlyejection.com","domain":"ghastlyejection.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ghastlyejection.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 21:12:12 GMT","end":"Wed, 10 Dec 2025 21:12:11 GMT"},"fingerprint":{"sha1":"32:1B:D1:CD:88:68:17:D9:B7:FF:B8:86:6E:4A:BF:D3:92:EF:3C:16","sha256":"52:A4:11:A1:C0:AD:29:D0:23:9D:1F:6D:77:95:02:4D:EC:BB:D0:E0:9A:DA:D1:C5:AD:26:43:B8:36:82:C6:2E"}}},"request":{"raw":"GET /d6/c6/9c/d6c69caa54fd5fdaf8def7abe2268296.js HTTP/1.1\r\nHost: ghastlyejection.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 04 Nov 2025 01:57:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 37917\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: ghastlyejection.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e203b05704d5cbdbb6a5bf1087326989\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106762,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c065859f024ee67ef05c2a9262ebf070","sha1":"3775eb56aac353c644c9297421ce47505aad422f","sha256":"ca8df319f396c4bcd1b1750a83864f8205a10438410b0e2b1432aef2ad14e0c9","sha512":"06e6dfce67ccdfdd192e9d41e152091fe5fc5522ac1fa658ec8db93011b66d9c9f656f46598bbfd34cd9afc525f2eee88584cf7b471cdc47529613a8315e462a","ssdeep":"1536:ombT0jLlKHI2HTXYao6R167ET/Dei89ZHf5nMJAbzsYoxcLT:otY3LKKJkVL","tlshash":"7aa3b6cc3f81f06d466a68b3123f800bf12e6d55908ce9dcf913e1e99eb8b5b9539524","first_seen":"2025-11-04T01:57:39.160546Z","last_seen":"2025-11-04T01:57:39.160546Z","times_seen":1,"resource_available":true,"data":null}},"time_used":861,"timings":{"blocked":328,"dns":48,"connect":93,"send":0,"wait":107,"receive":94,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"ghastlyejection.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-04","alert":"Sinkholed","trigger":"ghastlyejection.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.122.8.109","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://fastcdn-dl.pages.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 04 Nov 2025 01:57:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://fastcdn-dl.pages.dev\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=91bd9ad1-1a8b-4e6d-b57b-201d1775780a:2:1; expires=Fri, 02 Nov 2035 01:57:16 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"9154cd07d0adf95ae1aee0039ceeab9b","sha1":"aff3414958c848578bbba0f0ed3edc3916d46aa5","sha256":"b4b1ed030f996b0aec82d4bf8cf29e77eed47d416fd0a8230df44e5fb046fc25","sha512":"fca52bd1967c65d8e96958199f4b28e99a6b4fd8456284737b208d6311bda7331f3314873f69293bfbd60b45dcc7b3b3490a26fc08d77bcaadc3637ebfbe445a","ssdeep":"","tlshash":"8b900470cd03c0500fc44f500554d4cf4d0d034101c414330dc747770755015c04c341","first_seen":"2025-11-04T01:57:39.161956Z","last_seen":"2025-11-04T01:57:39.161956Z","times_seen":1,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":107,"dns":10,"connect":21,"send":0,"wait":23,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:16.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 04 Nov 2025 01:57:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ff4ecd9dbd9f7cfc9be300e648261719\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T17:07:55.698935Z","times_seen":15618608,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":57,"dns":1,"connect":18,"send":0,"wait":17,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=91bd9ad1-1a8b-4e6d-b57b-201d1775780a\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=d6c69caa54fd5fdaf8def7abe2268296\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=1","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fastcdn-dl.pages.dev/?url=https://video-downloads.googleusercontent.com/ADGPM2nOaqXDjtnVwlpzn8fmp8W7xAI7IB504H075c85352ZMNKMW7s_tWbc-EpNZrBofJ9e1WbrsSAmxRi0OBe4rdOJlNzJGcnoI2AB8C1QX-1W9DRrxWKFHZ8eWNFRUf6V3wdY748N0K3XvUPCdUzTL9odr9q56FCUJOWlS8t7HXXL3YwqteVvpJ4abmkLw6eLhhRwAJoTr4tAq9R1GPWfJ9IBWQ7sC8QZzz8uv9ODw61uZazPm08w5aLFSUxdsDrGGcgGM2w2eZxMJMJ8G7bO0O_29P9g2jjWoylBw-f4Yvfdu__1SxI6QyfYFDPQbrnQ2V7Q94iAr_F8nvYEt7M_Mnm10JNboullj-_5EbZa0QmipqWRl6GIGgpSA5V7y5EOk0vLFSVyeJR9tPkRKG8uESZEQUjkCy_ifLVxdPSAbRzWS-f7fJvGkcyUHh_s6E8_VT1T6XlPiTWmrFvuJUcNnffPVhx_l3YlBk7Q3UVxllGCoDlPlUEgVDYLXWQ9AmZgXNL0vbNKcQcsUnDEC-Lfgr8KX95KnZhoeX09NtHoGBSDFFuhCZd9YVnZB2C0f28FLoqxwBIxg4LOyNjrr_FMP1DCeHDOlvWk_8xh3pMB_5ZZ8AK4wn9agP2E-vocpSzJUghYtYTzGGURGWol_CluXz51XkppBMJhiHBNAVqvICXlpnsRDqJVeoRMiMkMnGor5JCgg4savHpM87dUDmurrElTYALOj8MEnJOQP6gbfV713wTGzd6OQE0sno4kjJXz6lqG8HVbg41eXu-5aBEAapIRoEevHG8-5f6hDl7pbmDc0D6Y1CptD_NsvLrPB8qISuo0dix4Ve8FqtxHvdnFEkpHp-QvlFeFhdxNj3u5QudjYL1BUg6_aIv0OC4yoPnZtpHIJETr19jfwY-AYtvvjdEHLy7atCdMd_op6Cp54w-Bi4M9PPawaFTwXBPEw_wrPG2Q2VV62_7FnzzjboL2KJvppBgUNu5KeLf1XsSCBGJ7XWsp7GFB3v1l__8BT5lEql-gr0FVctWa7OETzU6EuG-Ru_ZcVXr7_5PbEQ9rXnPTbMiKCKDWZnJi_R4Dmo_UtnCw7CHq","date":"2025-11-04T01:57:17.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=91bd9ad1-1a8b-4e6d-b57b-201d1775780a\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=d6c69caa54fd5fdaf8def7abe2268296\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=1 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Tue, 04 Nov 2025 01:57:17 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 479ecd76124999c1632ec56282eaee25\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-23T17:07:55.698935Z","times_seen":15618608,"resource_available":true,"data":null}},"time_used":670,"timings":{"blocked":287,"dns":1,"connect":91,"send":0,"wait":95,"receive":1,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}