{"report_id":"a64e8d6f-14cc-4146-b137-9f0f05f10a1c","version":6,"status":"done","tags":[],"date":"2026-02-14T12:19:30Z","url":{"schema":"https","addr":"scamstack.net/","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"104.21.19.126","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"scamstack.net/en","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"title":"Scam Stack — Investigations of Scams, Phishing, and Crypto Fraud","dom":{"size":11415,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (664)","md5":"af6a9a094034218ed964c6582836b619","sha1":"5bed18e733ff5dddd91cab78ba63e74c4b6d4434","sha256":"1a6351fc03c0e5219015e6c7c4f68c29154f73557c5ddd966d37df84ecc5b393","sha512":"d6df00935e3709e0eea834cb868650bbad9001bb4657d073a98a61a710355a1e66ee905318e81024d87b1c353dbf4ffa02ae812d5998d20efa11b32b4a799c3c","ssdeep":"192:/y01MU3XiaS+IcG3cm/LoM3RN22YxJrarDiJPW40EF6dA9Sq:q0zqgpHM3RM2Y7aviJPt0E4dW","tlshash":"b23294535df4603ae2c2a192abf17b98ee8a504ba9485c5433dd0acd8fe1f97cc5321c","dom_hash":"domhash17ad97ce29a7b8f9e139675bf2cd354a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"scamstack.net/","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"104.21.19.126","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-21T12:19:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"scamstack.net","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-08","domain_rank":0,"first_seen":"2026-02-13T02:06:07.958274Z","last_seen":"2026-02-13T02:06:07.958274Z","alert_count":10,"request_count":10,"received_data":697222,"sent_data":5138,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-08T22:14:51.234086Z","alert_count":0,"request_count":6,"received_data":171115,"sent_data":3351,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.20.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-08T22:17:48.645662Z","alert_count":0,"request_count":1,"received_data":18078,"sent_data":515,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"scamstack.net/js/main.js","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0270899cbb078e7f4932ac1060bc55d9","sha1":"bcf708172cc97d228c5eb453ef834cd9b26cbc9a","sha256":"6853848686d023558491ce6701b5fa03652b439bc883729666ff045a60c4ea63","sha512":"8f82859dc3d35cdb6e3e243d4e233445bd4ec96da3d3e3d2d97848f29f7653456a60b2a4a2ec67b4fde2e1080913d9df5f4ebbd0837bce557833c74e49c477b3","ssdeep":"","tlshash":"5751120c92f2543585cb62fd5be72682be30155b3844c8a9374cc7889f86fca74a76d8","size":3171,"data":"","first_seen":"2026-02-13T02:06:12.486388Z","last_seen":"2026-02-14T12:19:31.7308Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/en","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"76a11cfa6d3d180956e919a8b7f094ba","sha1":"7ef95902d65e8daf5bece5e621ff6551b6dc872a","sha256":"17ac04c812546ff25d8bdbf5e4ebc7d552cb1c85ed7166d16945f3e7ae72e26e","sha512":"ab6b2052f18f42ef3fb983da5f30c4fd9d2f93c9785b472709816aa4ef7bbf39f883e903acd8aec422ca214b45a122c128c547fc05ea0ac939e1a5b3afaf22ad","ssdeep":"","tlshash":"a6f020a63caa4034c3b712a52bb79154343b292f384eec12f55c18563f50aa508ab91c","size":603,"data":"","first_seen":"2026-02-13T02:06:12.508698Z","last_seen":"2026-02-14T12:19:31.732811Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"scamstack.net/uploads/1767992012057-178250914.webp","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /uploads/1767992012057-178250914.webp HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 117388\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 09 Jan 2026 20:53:32 GMT\r\netag: W/\"1ca8c-19ba4892d1a\"\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jr3M8fc6bAP%2F1gAd%2FVeVPuiHqrPLc81pN7Ew5ig7XhRtCES981fgBxlIDoYZUlZueO3CLtF1rMR%2BsvYQosL%2BTuSQ18e6cAvQVi9JB1g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831c3aff2d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":117388,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1536x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7d331e3ec4668f82c46fc5f69d6d1669","sha1":"a4bd70f2b4d67c430cafcbcbcc47c0c1836b25ec","sha256":"eca47f026d7c0fcaea592c34c8d369b7ad686091c009f6eb29d83a761b50eda7","sha512":"6281a82406a91affd2528216d42a844a496521308b610d87e08b060e6a8537660cc4409c38fedfa88a8df5f504d36004535d7b371623868d00af6f322203a2cf","ssdeep":"3072:TyiOVavU/SxA4+3vODcqlwd79KSgyyILRK6/a8:Ty5sMX7OQql0oSgsME","tlshash":"e4b3127b11077e7dc298d1b3f65aa15c8b6d6b7e0a2ad615bc17323c147b82334b2472","first_seen":"2026-02-13T02:06:12.490618Z","last_seen":"2026-02-14T12:19:31.72063Z","times_seen":2,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/logo.png","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 113085\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 09 Jan 2026 02:34:54 GMT\r\netag: W/\"1b9bd-19ba09b58b0\"\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wgtEBMkstoanJlBvn0mI83MvfUCj%2F%2Bdm4XHKQ39rWO0jH0fKBQqrK7sqZLW9P%2FKHEFRzC4P7MhVviU%2B4saR4jPKeU5jUPki7dHpl66Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831aff332d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":113085,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 334 x 334, 8-bit/color RGBA, non-interlaced","md5":"08ef707c9ed29a010d728aa8f5930d19","sha1":"91eb01169e21788110cb8dad2a1b585edd6e00e8","sha256":"a74afa1b15a9ea92e6940e1a7d9b324164469dcea2abd086ff8d886c20419094","sha512":"fbb6cff098d3710ffbb63cc2a98acc2d78d56ce879e31fffd79922c7b4ae5ac7a850de8f1859893719cac112d5db0ceb7b77e915c53581da38f11c2d7dc46c77","ssdeep":"3072:C4eqRt1CDUXhLl+YpVNeLcLhP5vGXWbRLcatyRlK:Cq31CDyHgLEP5eXWhcK+lK","tlshash":"95b31201b4d63e14ad85a23d3c0fa07562aff476a3b389cd8816c3997d235f90eea531","first_seen":"2026-02-13T02:06:12.454207Z","last_seen":"2026-02-14T12:19:31.722372Z","times_seen":2,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/chakrapetch/v13/cIflMapbsEk7TDLdtEz1BwkeJI91R5_F.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/chakrapetch/v13/cIflMapbsEk7TDLdtEz1BwkeJI91R5_F.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://scamstack.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 9900\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 01:01:57 GMT\r\nexpires: Sat, 13 Feb 2027 01:01:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:25:59 GMT\r\ncontent-type: font/woff2\r\nage: 127031\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9900,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9900, version 1.0","md5":"56706b63a0f0391ea247202feebe2a68","sha1":"d09f6c283158a5c34a1a0fb3f1f2149989f05956","sha256":"ce5095dc1cb200aaa939e38067a0677018d10e9f26ec38cdcf1557ac524fc775","sha512":"b15d8da95c966ea4751ce32272f0dbb88c730994096cb7e1a2a5386942529e63c38ac0eba17dc4321efaf637b9b1a4b1bf9c75988e7b0ac0040b3a5bfa793774","ssdeep":"192:3jKminRc+/sXhY52YXvSTChIrFNmg8aa9FrQUJuE4MhlmY1A4NRX:3jFinGRhY52Yz4F7a9FdiY2kB","tlshash":"eb12b03042bd76a1f6bfedf611a732371007a05102a669379faf132d5e7aba01c4165b","first_seen":"2025-04-26T08:41:49.507205Z","last_seen":"2026-06-08T04:21:30.972735Z","times_seen":2044,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":68,"dns":2,"connect":7,"send":0,"wait":9,"receive":1,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ibmplexsans/v23/zYXzKVElMYYaJe8bpLHnCwDKr932-G7dytD-Dmu1syxeKYbSAYZgVNU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/ibmplexsans/v23/zYXzKVElMYYaJe8bpLHnCwDKr932-G7dytD-Dmu1syxeKYbSAYZgVNU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://scamstack.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 45428\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 02:58:53 GMT\r\nexpires: Sat, 13 Feb 2027 02:58:53 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:10:51 GMT\r\ncontent-type: font/woff2\r\nage: 120015\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45428,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 45428, version 1.0","md5":"6b4b2adf4d0ee4301d394be6ecadeee3","sha1":"5facbf6ce85bb54b7478aed0ff40d7b67dfd60a4","sha256":"c5f70ddee640c270adabe47bdf8a589e237a5b5a10a5038fbc032f9f52225aae","sha512":"73f78a8a4448092fd0f477d8c4b849a7fd7babb512738874c352e8829f546443cbd7a3d431db865190a97911221fea74213822371adfca00dd2273d21a48dd58","ssdeep":"768:fympPv9IwdVTCobEyKKY1qlbGgjQhnX5sB4Gx4OVKKEoOMVN7/J2xh:fym9CXWY1qlqmOnJO4Gx4DKEo5VN1+","tlshash":"bb1301bf0376b9188250fa62aa6c3a9b765fbfb0b27608134a5b734d4c5047fde54318","first_seen":"2025-02-05T08:08:56.385262Z","last_seen":"2026-06-08T10:25:55.876745Z","times_seen":7838,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":63,"dns":0,"connect":0,"send":0,"wait":9,"receive":10,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/chakrapetch/v13/cIflMapbsEk7TDLdtEz1BwkeQI51R5_F.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/chakrapetch/v13/cIflMapbsEk7TDLdtEz1BwkeQI51R5_F.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://scamstack.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 9968\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 02:54:28 GMT\r\nexpires: Sat, 13 Feb 2027 02:54:28 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:25:59 GMT\r\ncontent-type: font/woff2\r\nage: 120280\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9968,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9968, version 1.0","md5":"27489a49946962e82703dd093454687e","sha1":"cd2df6837df3d88d34556a59a343df6737841e17","sha256":"a5888696e9eb1b4bbbecc8eb3922b8369f49d4bddb72263e033cbd17f399be76","sha512":"03f275513139cd8c50bd580207c7df2901189a6819831d32428d946b508a40c5f32f800617f33ed455d72b0120e0833ccfb6f5ca3085369f5b406c5f3b0e6502","ssdeep":"192:KQaReCGr+Te5/TrI8NwdzZbtsfjKBGZtGJgtskLTRdRHhi2iBqMA4LKoP3G2Z:DzCi8iTEgu5SbiGGaB7chJLKoP3r","tlshash":"5622bf71e8480b7cc54f3fb8ba9a4c8fb35fd413ad4b4c5030896eb05597e1b5a4a682","first_seen":"2025-04-26T08:41:49.515892Z","last_seen":"2026-06-08T04:21:30.911606Z","times_seen":1622,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ibmplexsans/v23/zYXzKVElMYYaJe8bpLHnCwDKr932-G7dytD-Dmu1syxeKYbSAYZgVNU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/ibmplexsans/v23/zYXzKVElMYYaJe8bpLHnCwDKr932-G7dytD-Dmu1syxeKYbSAYZgVNU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://scamstack.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 45428\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 02:58:53 GMT\r\nexpires: Sat, 13 Feb 2027 02:58:53 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:10:51 GMT\r\ncontent-type: font/woff2\r\nage: 120015\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45428,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 45428, version 1.0","md5":"6b4b2adf4d0ee4301d394be6ecadeee3","sha1":"5facbf6ce85bb54b7478aed0ff40d7b67dfd60a4","sha256":"c5f70ddee640c270adabe47bdf8a589e237a5b5a10a5038fbc032f9f52225aae","sha512":"73f78a8a4448092fd0f477d8c4b849a7fd7babb512738874c352e8829f546443cbd7a3d431db865190a97911221fea74213822371adfca00dd2273d21a48dd58","ssdeep":"768:fympPv9IwdVTCobEyKKY1qlbGgjQhnX5sB4Gx4OVKKEoOMVN7/J2xh:fym9CXWY1qlqmOnJO4Gx4DKEo5VN1+","tlshash":"bb1301bf0376b9188250fa62aa6c3a9b765fbfb0b27608134a5b734d4c5047fde54318","first_seen":"2025-02-05T08:08:56.385262Z","last_seen":"2026-06-08T10:25:55.876745Z","times_seen":7838,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":146,"dns":2,"connect":9,"send":0,"wait":8,"receive":3,"ssl":130},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/favicon.svg","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:09.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:09 GMT\r\ncontent-type: image/svg+xml\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 09 Jan 2026 03:13:51 GMT\r\netag: W/\"24eee-19ba0bf0198\"\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\npriority: u=6,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ILpEsOSw7YEqEYU9fXWSw1%2FI73VnhHfQB0DJfWSkIdIHXlfY2NqrMk5iZAYSADsnWudKUV5oo6B%2B9MOqqzC4LW1%2F4E9ftp863WaC4YU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831d5ec72d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":151278,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5535862b910d7a6df875cdb9a2d31c02","sha1":"8a0ec40a17485623f4b458acaa37304962f0920e","sha256":"187e85dcf46359737ce15992eb8183b0ffeee7cd79f233fa15f915a103b4ceea","sha512":"c91bc058358e2c7b20f42b5ec73cb4eb09f745c7d34b01b576c999eec1218123f4234ba34d5957f2fbc8ae1dddf736529ac9fb49dda7ee523bbb62392891597f","ssdeep":"3072:fWpUty7Dk5WeoDbqntqvACPNMW9HcyIqd7se/U+6giK4Ika8MFh5t:fWpUty7DkgJEqvASNMWhc0Dia5f","tlshash":"0ee312310ac83d9367bb679c13e9fb1db0050dae76b861b290e207ad5df43f581a51a8","first_seen":"2026-02-13T02:06:12.497043Z","last_seen":"2026-02-14T12:19:31.725241Z","times_seen":2,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":60,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T12:19:08.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nlocation: /en\r\nvary: Accept, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU; Path=/; Expires=Sat, 21 Feb 2026 12:19:08 GMT; HttpOnly; Secure; SameSite=Lax\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CozRbMXf0%2BD%2B4FpCauxt4jVrAoGDcxlOMiNQXZzI0vx5ZCiDV8W602Uqhyb7BO3o2OUyZ49jxQ8nEkSG3%2BdAEtc4roo4%2F8bjaso6NVE%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9cdc83185bd6a0cd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11327,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T10:34:26.034599Z","times_seen":16237034,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":47,"dns":18,"connect":8,"send":0,"wait":133,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/en","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T12:19:08.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /en HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cbGqgwHYMq2fxPlzzPyH3hGYmKxdAV4FVYazvLuPNHCpRk6j7LaVJyfhl6CsHs%2BazN6xTOM3tkDSN8VZ%2F%2FG2M%2FDCj1vWTxYI24k4LjM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9cdc83193e0aa0cd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11327,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (658), with CRLF, LF line terminators","md5":"929985cf2389488a730c248b95c980c6","sha1":"4e052306ba91c35d1cde87932b35994c466b492d","sha256":"978d21ef2be5749d2262ec04b27b41ab82ad1ea57469f8920f82b712087e570e","sha512":"3f863a67c3ce2a8db3f9d13aae28c74b386f571877118f38f0e2284a989e7584be630a692df764407d80474f0eb78129077d60a85e395eff0b43b95800172165","ssdeep":"192:hy01M43XiFS+IcGdcm/LoM3RN22YxJrarDiJ+7W40/FyIdA9Ss:00blgVHM3RM2Y7aviJ+7t0/cIdY","tlshash":"b632a5575df4603ae2c2a192abf17b58ee8a514ba9880c5033dd0ace8fd1f97cc5321c","first_seen":"2026-02-13T02:06:12.500734Z","last_seen":"2026-02-14T12:19:31.726623Z","times_seen":2,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ibmplexsans/v23/zYXzKVElMYYaJe8bpLHnCwDKr932-G7dytD-Dmu1syxeKYbSAYZgVNU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/ibmplexsans/v23/zYXzKVElMYYaJe8bpLHnCwDKr932-G7dytD-Dmu1syxeKYbSAYZgVNU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://scamstack.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 45428\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 02:58:53 GMT\r\nexpires: Sat, 13 Feb 2027 02:58:53 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:10:51 GMT\r\ncontent-type: font/woff2\r\nage: 120015\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45428,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 45428, version 1.0","md5":"6b4b2adf4d0ee4301d394be6ecadeee3","sha1":"5facbf6ce85bb54b7478aed0ff40d7b67dfd60a4","sha256":"c5f70ddee640c270adabe47bdf8a589e237a5b5a10a5038fbc032f9f52225aae","sha512":"73f78a8a4448092fd0f477d8c4b849a7fd7babb512738874c352e8829f546443cbd7a3d431db865190a97911221fea74213822371adfca00dd2273d21a48dd58","ssdeep":"768:fympPv9IwdVTCobEyKKY1qlbGgjQhnX5sB4Gx4OVKKEoOMVN7/J2xh:fym9CXWY1qlqmOnJO4Gx4DKEo5VN1+","tlshash":"bb1301bf0376b9188250fa62aa6c3a9b765fbfb0b27608134a5b734d4c5047fde54318","first_seen":"2025-02-05T08:08:56.385262Z","last_seen":"2026-06-08T10:25:55.876745Z","times_seen":7838,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":109,"dns":4,"connect":9,"send":0,"wait":8,"receive":5,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/apple-touch-icon.png","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:09.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:09 GMT\r\ncontent-type: image/png\r\ncontent-length: 36321\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 09 Jan 2026 03:13:51 GMT\r\netag: W/\"8de1-19ba0bf0198\"\r\npriority: u=6,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9W8kUeysQtv6dMKh2ryRcmgCvRREVunibJ7mKkzVQa%2B66o9BPex0sKtpeLsYXlf2WQIVOzSG4GXkPHhM2t1klbnuI3Eu%2F7zFZK8oBNI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831d5ec22d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36321,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"6eb322e7a1bb3a987e9c13135116daf0","sha1":"f548b7b57a417b494340b04125d9be59e75d690b","sha256":"cebfb900b7fd357161477b78b88ee80139b31685dbec42577be7a615ecae32f7","sha512":"b2475126bb55810538435a9820b047f44306206bc15d227db8250ce4bd6bfb3248d52724bce252df2b73d1e82b3ecaa266e619104d5fa43baadb7c1758f7e751","ssdeep":"768:i1HH6+0VNobRM9Js878rZIe7wLFSKPW92uO9SY9:MdAo9X8YGeHKe2uISK","tlshash":"faf2f16345816626dc6703ce8c0ad15ea9f1cc0c833e5750eadf651be62674cdebc725","first_seen":"2026-02-13T02:06:12.462911Z","last_seen":"2026-02-14T12:19:31.727458Z","times_seen":2,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/uploads/1768045993095-461836363.webp","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /uploads/1768045993095-461836363.webp HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 138192\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Sat, 10 Jan 2026 11:53:13 GMT\r\netag: W/\"21bd0-19ba7c0dc8d\"\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s6FWOX94HfiPF89l6ptNzspHBTD%2Bv4%2FLrOG9DFEU%2F%2Fo9MzdH9XD%2FvkUK1VnoxC0VJiC0gVzDR72Bu4l5izbMpHAI1Ff1Tqlcw5VyscE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831c2ae22d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":138192,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1536x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c6fdd41d0fcf3f74743d9e45bf217bb7","sha1":"89b1acfc655583f3739bf64393785aeae5c4e501","sha256":"b8a5c0ed9cd64437c2bcdc44aab9876f80c32bf3393bbeebbbb4c26171c2d41a","sha512":"67dc85741a44a0740ef9df2a04ef3faace0630768b42a79007ff57f1e2210032eaace5f25c02cd6bd283d1cff92636e3c75de77e1d912c3d4681a11a27a63a61","ssdeep":"3072:ceFqaqaLl75mzR0uKzOyDgVRfq5nThoBUtFW9z3HNP0GjxB6S8qdZGd:1tE2xFgHq5nTa2tg9rLjxBV8N","tlshash":"8cd312d18812d616aef6ccced917613eac43efbedc53d912c8b061226b363067d60ac5","first_seen":"2026-02-13T02:06:12.506032Z","last_seen":"2026-02-14T12:19:31.728343Z","times_seen":2,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Chakra+Petch:wght@500;600;700\u0026family=IBM+Plex+Sans:wght@400;500;600\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.20.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css2?family=Chakra+Petch:wght@500;600;700\u0026family=IBM+Plex+Sans:wght@400;500;600\u0026family=JetBrains+Mono:wght@400;500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 14 Feb 2026 12:19:08 GMT\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17392,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"36f4c64bf1b412a82b4fa48578996b6e","sha1":"5af3163a7270515af7c4fd0de509c76fa012e4dc","sha256":"bdd3a319a89deddc7419283de97264f6cb1c78d8a32d6482677364cb10b018d1","sha512":"b56601c1ca41c05a802253dbaceb90c2f59b9e94deda223423fc33972816659081b125124a5c503b56091c1d03e26b6a05da0ba23c94158b626b248ef282be33","ssdeep":"192:PbVd4YUFsp8qxV+zwVCeHZdl3gkLTHHi2l3fTLkWHTnl3uiLZBG+7p3ZAXYjG9Ua:z6NSlHH1ByOGCE","tlshash":"9b72fea0406ba440ea031cc233df7f36ad4e61566485d5bd9ffe18a89caed362334b5d","first_seen":"2026-02-13T02:06:12.467316Z","last_seen":"2026-02-14T12:19:31.729151Z","times_seen":2,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":57,"dns":1,"connect":8,"send":0,"wait":19,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/css/style.css","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /css/style.css HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Sat, 10 Jan 2026 00:11:52 GMT\r\netag: W/\"2eb4-19ba53ec140\"\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x3bFKXM44CtZdad2uGLKh2r%2BIftXA695UWnWa%2FyqLAX4Oa6aTfhbLHHfzHRtI5Ttd1ULkygwDdjwRO40p2hAxUaegiFqNGQLaXybnWU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831aff312d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11956,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"Unicode text, UTF-8 text","md5":"7a6ec4b322263a2293ae9d930e76d688","sha1":"389c8320a29b56c898936a75661cc7c4ff28869a","sha256":"bc1280413ef64306b5b662bef3ffb4605aaad90cf62eb378727fea5c94ae1be8","sha512":"49b1a4d4d5ec3067808fea180f9c5cf77f17a41af2b3ef8ea33cfbd818dea2da0cf775e2f540013483d2cb38c96706f12778baf8672df5fd075f1e142064eb1f","ssdeep":"192:8pkema9uKfwy9HwsqNfHolYoDQTCFdODMG2XNm9j2i0cPHL9uLDQqSADSNO1KQdP:zep+N6BDcADS4ckaFDgL","tlshash":"5032329217b30e75b91755a55befc348326c60838a5ecca93fcc660c8f487f9a152b8c","first_seen":"2026-02-13T02:06:12.479918Z","last_seen":"2026-02-14T12:19:31.729905Z","times_seen":2,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/js/main.js","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 09 Jan 2026 02:34:54 GMT\r\netag: W/\"c63-19ba09b58b0\"\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\npriority: u=3,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7UsxxOZqdLRe8Nuwo4y%2BtY8SUzzySW7sDJ4AtBH%2BU2LHfbTpzb4CA94ISIrLrF7lK1zt5EOL9Rb2Jzxj7hj9u4%2BOzZI7qYQ%2BpAefmPw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831aff3f2d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3171,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"HTML document, ASCII text","md5":"0270899cbb078e7f4932ac1060bc55d9","sha1":"bcf708172cc97d228c5eb453ef834cd9b26cbc9a","sha256":"6853848686d023558491ce6701b5fa03652b439bc883729666ff045a60c4ea63","sha512":"8f82859dc3d35cdb6e3e243d4e233445bd4ec96da3d3e3d2d97848f29f7653456a60b2a4a2ec67b4fde2e1080913d9df5f4ebbd0837bce557833c74e49c477b3","ssdeep":"","tlshash":"5751120c92f2543585cb62fd5be72682be30155b3844c8a9374cc7889f86fca74a76d8","first_seen":"2026-02-13T02:06:12.486388Z","last_seen":"2026-02-14T12:19:31.7308Z","times_seen":2,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"scamstack.net/uploads/1768001839005-197258904.webp","fqdn":"scamstack.net","domain":"scamstack.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"scamstack.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 08 Jan 2026 22:47:33 GMT","end":"Wed, 08 Apr 2026 23:44:58 GMT"},"fingerprint":{"sha1":"27:0E:42:7A:9C:B6:BD:C1:C1:F4:AD:6A:C0:64:2E:B4:51:E8:0C:86","sha256":"91:4C:0A:C1:45:61:C0:A6:91:FF:34:BF:F2:E5:4F:C3:B8:23:FE:FD:E8:BE:18:05:BE:8E:99:AB:2D:11:79:FA"}}},"request":{"raw":"GET /uploads/1768001839005-197258904.webp HTTP/1.1\r\nHost: scamstack.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: connect.sid=s%3ABwnfLqBzrcT6MJQYCrKTTm_v1X0Yu4wf.A0UsMtOreXGflrfCWxu0DcVh1JyL2yQNaoe4vqAvblU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 14 Feb 2026 12:19:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 88408\r\ncontent-security-policy: default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;img-src 'self' data: blob:;connect-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 09 Jan 2026 23:37:19 GMT\r\netag: W/\"15958-19ba51f1fa2\"\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SXLhQQ3XFdJGKZXQPp2d5JqmR0Qo46FQ9pNvgH3i3rniOfLBGLG1m43datK5zb5zFrJZjB5o2FRZ8Ixoe7PQfH8GAWKJq5hwoB12uP0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cdc831c3aed2d96-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88408,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1536x1024, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"edc570d4c9e8ea2215c030c6d5e69848","sha1":"fefbc9df2309576f1eab5a44a5d52c4f517c8098","sha256":"a3e4713d60d2e6ccd2c9f7c28fd70b5530fbb93f0a49d04bebffd58c7ca35148","sha512":"1f201ab308aec13848cb84a7e6daa79ab28e50b164bff523ea4b3308fb41a9de4c0e2acc628d0703e08af620f99b067e36332c4345be8b39d066a3e968539185","ssdeep":"1536:Z/tgZ0w8XH1LxkDe1uJDCqlIxFQlo9lhJ5XuTKfHtOU0xGaopVTMukt0ScQXJC51:9tgZFsV2a1uZCcIxFQlUhJ5XuTKfHtJn","tlshash":"0d83120fc5dabfaf192634e962ed867e481a46de00c858e1b336953d1bf31edb425c12","first_seen":"2026-02-13T02:06:12.456583Z","last_seen":"2026-02-14T12:19:31.731528Z","times_seen":2,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"scamstack.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/chakrapetch/v13/cIflMapbsEk7TDLdtEz1BwkebIl1R5_F.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://scamstack.net/en","date":"2026-02-14T12:19:08.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/chakrapetch/v13/cIflMapbsEk7TDLdtEz1BwkebIl1R5_F.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://scamstack.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 9956\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 03:04:32 GMT\r\nexpires: Sat, 13 Feb 2027 03:04:32 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 16 Sep 2025 13:25:57 GMT\r\ncontent-type: font/woff2\r\nage: 119676\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9956,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9956, version 1.0","md5":"5423161597dcdfab1f2f5a748a06685c","sha1":"fd6f87a550d7a981ca337094ee1dd3b1248195c7","sha256":"36ad966cb653de70ba37355c41003b02de8940b2df6cbcd46480a6ad8cadd65d","sha512":"558a0a6eea3a25e40d7a60e12d5323feb8912fd7a4daa8d50fcfaf2e242ac4b3d9e5c40e0e1bf096ee9a54a9f94e869b295573a11a737b317db6cc0c6817c912","ssdeep":"192:GGTEGG7rNpkIi/flq1q/ARqFcaDbxwOEu3WoL/ZGNPylMaj51eTlWUryjyV/vWeP:GYEZ7riI1BsFRHbbYd+MCsRrd/vBP7pF","tlshash":"6c22bfb1447a8a80cd27cbfba6e38505a1b0264c098d0cf4d5c7bdd31e27fade827595","first_seen":"2025-05-02T11:00:46.815622Z","last_seen":"2026-06-08T04:21:31.04215Z","times_seen":927,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":55,"dns":0,"connect":20,"send":0,"wait":17,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}