{"report_id":"a5d1cc01-bfe7-4aad-ba46-b51ef4082c1c","version":6,"status":"done","tags":["phishing"],"date":"2025-10-13T08:36:24Z","url":{"schema":"http","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"title":"Webmail login"},"submit":{"url":{"schema":"http","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-17T08:36:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":3,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-13T08:35:57Z","timestamp":1760344557,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.11","port":37730,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2025-10-13T08:35:57.214813+0000\",\"flow_id\":940102740946165,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":37730,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.11\",\"port\":37730},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-61de878776464004b912696c6c2eb40e.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2674,\"start\":\"2025-10-13T08:35:57.208117+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-13","alert":"Phishing Block","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2024-03-07","alert":"Phishing - Other","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-10-12T22:15:22.841346Z","alert_count":0,"request_count":1,"received_data":20202,"sent_data":539,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-10-12T22:16:17.088796Z","alert_count":0,"request_count":2,"received_data":157533,"sent_data":965,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2024-03-05T02:10:29Z","last_seen":"2025-10-07T17:48:35.132742Z","alert_count":22,"request_count":4,"received_data":100452,"sent_data":2017,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Font Awesome","description":"Font Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"Popper:1.12.9","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"BootstrapCDN:4.0.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"Bootstrap:4.0.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}]},{"fqdn":"kit.fontawesome.com","ip":{"addr":"104.18.40.68","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":16651,"first_seen":"2019-03-29T02:12:52Z","last_seen":"2025-10-12T22:44:43.119362Z","alert_count":0,"request_count":1,"received_data":500,"sent_data":507,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2025-10-12T22:22:05.071412Z","alert_count":0,"request_count":2,"received_data":195709,"sent_data":1082,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"stackpath.bootstrapcdn.com","ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":21970,"first_seen":"2018-04-05T04:41:29Z","last_seen":"2025-10-12T22:32:13.410783Z","alert_count":0,"request_count":1,"received_data":51996,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-10-12T22:17:47.775352Z","alert_count":0,"request_count":2,"received_data":173108,"sent_data":944,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-10-12T22:12:24.910527Z","alert_count":0,"request_count":1,"received_data":2036,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-13T08:35:57Z","timestamp":1760344557,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.11","port":37730,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2025-10-13T08:35:57.214813+0000\",\"flow_id\":940102740946165,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.11\",\"src_port\":37730,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.11\",\"port\":37730},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-61de878776464004b912696c6c2eb40e.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2674,\"start\":\"2025-10-13T08:35:57.208117+0000\"}}"}]}],"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.2.1.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f48fc77cac90c4778fa24ec9c57f37d","sha1":"9e89d1515bc4c371b86f4cb1002fd8e377c1829f","sha256":"9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398","sha512":"cab8c4afa1d8e3a8b7856ee29ae92566d44ceead70c8d533f2c98a976d77d0e1d314719b5c6a473789d8c6b21ebb4b89a6b0ec2e1c9c618fb1437ebc77d3a269","ssdeep":"1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT","tlshash":"b663d5d9b2c67062db7730b950bf410bf07a98dab44c8c60e198d8d47d78a99817bf2d","size":69597,"data":"","first_seen":"2023-03-07T01:02:43Z","last_seen":"2026-04-06T10:06:02.936664Z","times_seen":76550,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"14d449eb8876fa55e1ef3c2cc52b0c17","sha1":"a9545831803b1359cfeed47e3b4d6bae68e40e99","sha256":"e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b","sha512":"00d9069b9bd29ad0daa0503f341d67549cce28e888e1affd1a2a45b64a4c1bc460d81cfc4751857f991f2f4fb3d2572fd97fca651ba0c2b0255530209b182f22","ssdeep":"768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B","tlshash":"7523c84a7254b4a202dfa476913f450bb73b389aa60bc16cb95994ed1d7cd8c3227f3c","size":48944,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-06T10:13:50.238331Z","times_seen":103292,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-06T10:09:45.641385Z","times_seen":267528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","size":51039,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-06T10:06:57.509711Z","times_seen":120674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0e26b2b7db4993242873f310c1485e56","sha1":"230bea64283d5724dccd9bb3350a3067b8f410ed","sha256":"29e9351168f8492851894e4497bad40e5e27f458d5c5aabcba470c439ba01b39","sha512":"01a31702f962c9852bc209fb28fac72ea073812abbd943cc1cc17120543daa467b57592fd7b1b789966f375c56578a2e605c7859323ad56b7bf23d29be07c66d","ssdeep":"","tlshash":"a261ef04f8a616d2297360ba2bbf9504369a454f0e04cd40b85d7bc89f5cf1ab97a1d7","size":3360,"data":"","first_seen":"2025-02-04T16:34:59.262824Z","last_seen":"2026-03-22T09:34:28.74812Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","size":86709,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-04-06T08:20:49.796968Z","times_seen":138455,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-06T10:09:45.641385Z","times_seen":267528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"70d3fda195602fe8b75e0097eed74dde","sha1":"c3b977aa4b8dfb69d651e07015031d385ded964b","sha256":"a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66","sha512":"51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14","ssdeep":"384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f","tlshash":"1c82a3cc3291b06643a79167a06f960fb2339979614e9410f199f2d87c70ef9913fc7a","size":19188,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-06T10:13:50.268861Z","times_seen":104079,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6157\r\ncf-ray: 98dd81b11c53c272-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fa9-4af4\"\r\nlast-modified: Mon, 04 May 2020 16:15:37 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 947617\r\nexpires: Sat, 03 Oct 2026 08:35:58 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=7mPgbrVXESUQIoH%2FgmoxtOUT7VRKRfgDzb9dOeMYrnbctTrhrO5Nk6RHlpfRQw7KeU5AvHmhwl9DfyvHmSqkMax%2FWl2OKBLKweBRlwOLniUNTWhOdqY8wiqYMDIE0mPqUuj4Rmfc\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19188,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (19015)","md5":"70d3fda195602fe8b75e0097eed74dde","sha1":"c3b977aa4b8dfb69d651e07015031d385ded964b","sha256":"a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66","sha512":"51affb5a8cfd2f93b473007f6987b19a0a1a0fb970ddd59ef45bd77a355d82abbbd60468837a09823496411e797f05b1f962ae93c725ed4c00d514ba40269d14","ssdeep":"384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f","tlshash":"1c82a3cc3291b06643a79167a06f960fb2339979614e9410f199f2d87c70ef9913fc7a","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-06T10:13:50.268861Z","times_seen":104079,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":75,"dns":3,"connect":3,"send":0,"wait":10,"receive":1,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 98dd81b18a220daa-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"14d449eb8876fa55e1ef3c2cc52b0c17\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:04 GMT\r\ncdn-cachedat: 03/22/2025 12:19:15\r\ncdn-proxyver: 1.22\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1048\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: d44d92c4ba4b6ac9c3454cc49a32e089\r\ncdn-cache: HIT\r\ncf-cache-status: MISS\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48944,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48664)","md5":"14d449eb8876fa55e1ef3c2cc52b0c17","sha1":"a9545831803b1359cfeed47e3b4d6bae68e40e99","sha256":"e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b","sha512":"00d9069b9bd29ad0daa0503f341d67549cce28e888e1affd1a2a45b64a4c1bc460d81cfc4751857f991f2f4fb3d2572fd97fca651ba0c2b0255530209b182f22","ssdeep":"768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B","tlshash":"7523c84a7254b4a202dfa476913f450bb73b389aa60bc16cb95994ed1d7cd8c3227f3c","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-06T10:13:50.238331Z","times_seen":103292,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":3,"connect":3,"send":0,"wait":68,"receive":0,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js","fqdn":"stackpath.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1\r\nHost: stackpath.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 98dd81b19a07b512-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: US\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"67176c242e1bdc20603c878dee836df3\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:06 GMT\r\ncdn-proxyver: 1.07\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 12/15/2024 13:11:59\r\ncdn-edgestorageid: 1232\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-requestid: cfb80e189243a5697be527a7aeb94f63\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncf-cache-status: HIT\r\nage: 794822\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51039,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (50758)","md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-06T10:06:57.509711Z","times_seen":120674,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":-1,"dns":4,"connect":9,"send":0,"wait":19,"receive":0,"ssl":136},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:42:00 GMT","end":"Mon, 15 Dec 2025 08:41:59 GMT"},"fingerprint":{"sha1":"E9:4F:AE:49:69:8C:15:95:B2:F7:9C:C0:6F:DA:FF:C6:06:1A:22:46","sha256":"89:56:CA:FF:85:BC:CA:ED:64:3B:13:28:77:62:7B:0C:FD:25:AB:78:F3:7E:B5:34:21:E4:79:F2:F9:D2:8C:E7"}}},"request":{"raw":"GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 06 Oct 2025 10:04:18 GMT\r\nexpires: Tue, 06 Oct 2026 10:04:18 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 599500\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85578,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-06T10:09:45.641385Z","times_seen":267528,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":168,"dns":1,"connect":17,"send":0,"wait":23,"receive":17,"ssl":153},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-ray: 98dd81b19a390daa-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"450fc463b8b1a349df717056fbb3e078\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:04 GMT\r\ncdn-cachedat: 07/21/2025 22:36:56\r\ncdn-proxyver: 1.32\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1048\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: a28754920ca57b0a4765335360689229\r\ncdn-cache: HIT\r\ncf-cache-status: HIT\r\nage: 485271\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":144877,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65325)","md5":"450fc463b8b1a349df717056fbb3e078","sha1":"895125a4522a3b10ee7ada06ee6503587cbf95c5","sha256":"2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d","sha512":"93bf1ed5f6d8b34f53413a86efd4a925d578c97abc757ea871f3f46f340745e4126c48219d2e8040713605b64a9ecf7ad986aa8102f5ea5ecf9228801d962f5d","ssdeep":"1536:GcoqwrUPyDHU7c7TcDEBi82NcuSELL4d/+oENM6HN26Q:VoPgPard2oENM6HN26Q","tlshash":"f6e37667f591322da097ca1851c0bbfa466f8156d6221ffbf4273b604b8a6c70a73d0d","first_seen":"2023-04-05T03:09:34Z","last_seen":"2026-04-06T09:36:38.170418Z","times_seen":53226,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":164,"dns":2,"connect":1,"send":0,"wait":16,"receive":0,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.2.1.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.2.1.slim.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-10fdd\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\nage: 2304529\r\nx-served-by: cache-lga21963-LGA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 38, 58352\r\nx-timer: S1760344558.380901,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 23856\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69597,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32012)","md5":"5f48fc77cac90c4778fa24ec9c57f37d","sha1":"9e89d1515bc4c371b86f4cb1002fd8e377c1829f","sha256":"9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398","sha512":"cab8c4afa1d8e3a8b7856ee29ae92566d44ceead70c8d533f2c98a976d77d0e1d314719b5c6a473789d8c6b21ebb4b89a6b0ec2e1c9c618fb1437ebc77d3a269","ssdeep":"1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT","tlshash":"b663d5d9b2c67062db7730b950bf410bf07a98dab44c8c60e198d8d47d78a99817bf2d","first_seen":"2023-03-07T01:02:43Z","last_seen":"2026-04-06T10:06:02.936664Z","times_seen":76550,"resource_available":true,"data":null}},"time_used":407,"timings":{"blocked":184,"dns":26,"connect":35,"send":0,"wait":27,"receive":8,"ssl":117},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/css/hover.css","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 09:56:53 GMT","end":"Wed, 17 Dec 2025 09:56:52 GMT"},"fingerprint":{"sha1":"42:45:14:9F:77:16:12:91:61:33:4D:A3:61:F1:41:F6:3D:0C:CD:7F","sha256":"55:75:05:61:F9:89:A2:5C:63:68:3D:C5:1D:B3:16:92:7A:29:38:F4:0C:D3:A7:AF:FB:C4:B1:28:68:FA:09:F1"}}},"request":{"raw":"GET /css/hover.css HTTP/1.1\r\nHost: pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 13 Oct 2025 08:35:58 GMT\r\nContent-Type: text/html\r\nContent-Length: 27150\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 98dd81b37f1532fa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-06T09:38:06.486102Z","times_seen":30160,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":157,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-13","alert":"Phishing Block","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:42:00 GMT","end":"Mon, 15 Dec 2025 08:41:59 GMT"},"fingerprint":{"sha1":"E9:4F:AE:49:69:8C:15:95:B2:F7:9C:C0:6F:DA:FF:C6:06:1A:22:46","sha256":"89:56:CA:FF:85:BC:CA:ED:64:3B:13:28:77:62:7B:0C:FD:25:AB:78:F3:7E:B5:34:21:E4:79:F2:F9:D2:8C:E7"}}},"request":{"raw":"GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 30028\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 06 Oct 2025 10:04:18 GMT\r\nexpires: Tue, 06 Oct 2026 10:04:18 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 599500\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":85578,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-06T10:09:45.641385Z","times_seen":267528,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":17,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/favicon.ico","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 09:56:53 GMT","end":"Wed, 17 Dec 2025 09:56:52 GMT"},"fingerprint":{"sha1":"42:45:14:9F:77:16:12:91:61:33:4D:A3:61:F1:41:F6:3D:0C:CD:7F","sha256":"55:75:05:61:F9:89:A2:5C:63:68:3D:C5:1D:B3:16:92:7A:29:38:F4:0C:D3:A7:AF:FB:C4:B1:28:68:FA:09:F1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 13 Oct 2025 08:35:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 27150\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 98dd81b51b3032fa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-06T09:38:06.486102Z","times_seen":30160,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-13","alert":"Phishing Block","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-13T08:35:57.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 09:56:53 GMT","end":"Wed, 17 Dec 2025 09:56:52 GMT"},"fingerprint":{"sha1":"42:45:14:9F:77:16:12:91:61:33:4D:A3:61:F1:41:F6:3D:0C:CD:7F","sha256":"55:75:05:61:F9:89:A2:5C:63:68:3D:C5:1D:B3:16:92:7A:29:38:F4:0C:D3:A7:AF:FB:C4:B1:28:68:FA:09:F1"}}},"request":{"raw":"GET /ffdd.html HTTP/1.1\r\nHost: pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 13 Oct 2025 08:35:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 18067\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"b517c26a58799c08383a0ce058c00bb4\"\r\nLast-Modified: Wed, 28 Feb 2024 18:14:33 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 98dd81aaab2032fa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Font Awesome","description":"Font Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"Popper:1.12.9","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"BootstrapCDN:4.0.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"Bootstrap:4.0.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}],"data":{"size":18067,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7243), with CRLF line terminators","md5":"b517c26a58799c08383a0ce058c00bb4","sha1":"5d01103bf1ab7440fd01c00d5b9f9b785017ca2b","sha256":"84d858bced9547181292c63a75341a590c5394467ba465ff80fe82978f298170","sha512":"cea8a0853eb841900ba65b5a08f0364fdc0dc8ea71b92a28a9a62c5893a2a90cc7ca1bfd45aeb108e614cfb86a6c7e9ca0e9bbdeb5723e16a89682cc35ae14e5","ssdeep":"192:QjFiSJJxqracVNWnpViOb20tELWtro89Z0/o8inMRq35cg/wa3TlWut4ItkwDC9S:6XwFVYnzicEMlnwqNLDlT44kh98f0c","tlshash":"4b82f811988414a315356aea97f85d4dfb45a1039e038f40f1fe6f6a4fb7e0e790758c","first_seen":"2025-02-04T16:34:59.246599Z","last_seen":"2026-03-22T09:34:28.721155Z","times_seen":38,"resource_available":true,"data":null}},"time_used":733,"timings":{"blocked":27,"dns":7,"connect":2,"send":0,"wait":677,"receive":1,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-13","alert":"Phishing Block","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2024-03-07","alert":"Phishing - Other","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.1.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.1.1.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-152b5\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\nage: 4739777\r\nx-served-by: cache-lga21947-LGA, cache-hel1410028-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 118, 54041\r\nx-timer: S1760344558.365677,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30070\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86709,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32030)","md5":"e071abda8fe61194711cfc2ab99fe104","sha1":"f647a6d37dc4ca055ced3cf64bbc1f490070acba","sha256":"85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf","sha512":"53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65","ssdeep":"1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5","tlshash":"3183d5d9b2c670529b7730b850bf450bb17a98dab44c8d60f058c5d57eb8a8e507bf2c","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-04-06T08:20:49.796968Z","times_seen":138455,"resource_available":true,"data":null}},"time_used":404,"timings":{"blocked":193,"dns":31,"connect":16,"send":0,"wait":14,"receive":6,"ssl":135},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Archivo+Narrow\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Sep 2025 08:41:52 GMT","end":"Mon, 15 Dec 2025 08:41:51 GMT"},"fingerprint":{"sha1":"04:E6:D3:58:E3:A1:E3:05:2B:C3:56:5D:68:BB:1B:0A:08:C6:E3:FB","sha256":"25:4C:B3:A3:9A:E1:D7:FD:25:B6:BF:E9:AA:97:95:20:5D:F2:15:EA:41:46:B6:6B:01:17:19:26:EC:EF:D3:CA"}}},"request":{"raw":"GET /css?family=Archivo+Narrow\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 13 Oct 2025 08:35:58 GMT\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1350,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"0c1a3767180e21f36215c64938fac3e4","sha1":"df3d3fc64c874c5813a6a8f9f2afafe1c1802464","sha256":"4f78390a7baa7c0590e7f52781c20dfa1847794c05b917fa0c8c15da6d954930","sha512":"5082018bbdc3994396f5c96870c415fe36f684ea391524979f1cdb6237aad7ae934471574f35b2cfcd849c1ac588d07551da798c19c62befa063206b8fdfcf40","ssdeep":"","tlshash":"1721ee90246a9600e6c70cc623cf7f32ae4e62d0bc41d039affe18d99c8ec22132970d","first_seen":"2025-09-11T22:04:41.369334Z","last_seen":"2026-04-06T07:48:45.655966Z","times_seen":3243,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":162,"dns":1,"connect":25,"send":0,"wait":30,"receive":0,"ssl":129},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kit.fontawesome.com/585b051251.js","fqdn":"kit.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"104.18.40.68","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 23 Aug 2025 21:04:01 GMT","end":"Fri, 21 Nov 2025 22:03:57 GMT"},"fingerprint":{"sha1":"CC:FF:C9:AB:7D:4F:0E:BD:2F:0D:51:59:D6:60:F9:CD:7D:68:E5:4B","sha256":"EF:79:B2:3F:26:48:FD:84:D5:42:BF:1E:35:73:D2:4A:8A:DB:54:C5:37:B0:F6:75:31:FE:6A:BC:D5:8A:F4:C2"}}},"request":{"raw":"GET /585b051251.js HTTP/1.1\r\nHost: kit.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Mon, 13 Oct 2025 08:35:58 GMT\r\ncontent-length: 9\r\ncf-ray: 98dd81b0dd8bb28a-OSL\r\naccess-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 3000\r\ncache-control: max-age=0, private, must-revalidate\r\nx-request-id: GG4ADJBLGNS4-aeNPi9B\r\ncf-cache-status: MISS\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9,"size_decoded":0,"mime_type":"application/x-javascript","magic":"ASCII text, with no line terminators","md5":"722969577a96ca3953e84e3d949dee81","sha1":"3dab5f6012e3e149b5a939b9cebba4a0b84dc8f5","sha256":"78342a0905a72ce44da083dcb5d23b8ea0c16992ba2a82eece97e033d76ba3d3","sha512":"54b2b4596cd1769e46a12a0ca6ede70468985cf8771c2b11e75b3f52567a64418bc24c067d96d52037e0e135e7a7ff828ad0241d55b827506e1c67de1caee8bc","ssdeep":"","tlshash":"26500000000c000c33c3030000000f000003030000030000cf000003000000c00c000c","first_seen":"2023-04-05T07:39:32Z","last_seen":"2026-04-06T10:20:03.128114Z","times_seen":25142,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":44,"dns":1,"connect":3,"send":0,"wait":169,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-61de878776464004b912696c6c2eb40e.r2.dev/css/hover.css","fqdn":"pub-61de878776464004b912696c6c2eb40e.r2.dev","domain":"r2.dev","tld":"dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html","date":"2025-10-13T08:35:58.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 18 Sep 2025 09:56:53 GMT","end":"Wed, 17 Dec 2025 09:56:52 GMT"},"fingerprint":{"sha1":"42:45:14:9F:77:16:12:91:61:33:4D:A3:61:F1:41:F6:3D:0C:CD:7F","sha256":"55:75:05:61:F9:89:A2:5C:63:68:3D:C5:1D:B3:16:92:7A:29:38:F4:0C:D3:A7:AF:FB:C4:B1:28:68:FA:09:F1"}}},"request":{"raw":"GET /css/hover.css HTTP/1.1\r\nHost: pub-61de878776464004b912696c6c2eb40e.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pub-61de878776464004b912696c6c2eb40e.r2.dev/ffdd.html\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Mon, 13 Oct 2025 08:35:58 GMT\r\nContent-Type: text/html\r\nContent-Length: 27150\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 98dd81b0788632fa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (611)","md5":"46dd133ee00dc1bae5e4eeba7b88432f","sha1":"8af86a4ac91ce48c062216fb94a6e1d57618a19b","sha256":"9eb52ee46c7ab5ea4ca0982415da99fded1b7d7354f75e50847bdae6cb44eb66","sha512":"cb49f9e3812e2c262af374e79bd8905cb508a45bf2c2d6af62eed85af43770872486a55e9425882feda9fb3a57a317a3c18be1e286adaf0c76be7f1b0dfa8474","ssdeep":"384:6bamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:603Mp5If8WOmgW3","tlshash":"e3c291dc7be968e4e5de43aaef2831a8320ba0fb17425904f51d12142f0655cec6f6ed","first_seen":"2024-07-03T19:18:11Z","last_seen":"2026-04-06T09:38:06.486102Z","times_seen":30160,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-13","alert":"Phishing Block","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-13","alert":"Sinkholed","trigger":"pub-61de878776464004b912696c6c2eb40e.r2.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Known Phishing Kit detected","verdict":"phishing","severity":"high","comment":"","tags":["phishing"],"meta":null}]}}]}