{"report_id":"aeda7fba-63a0-4fcb-8f7f-a300ce99e00d","version":6,"status":"done","tags":[],"date":"2025-11-21T01:50:50Z","url":{"schema":"http","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.12.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","tld":"app"},"title":"Webmail","dom":{"size":7957,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (500)","md5":"f1628241473255b90a6725bcf72c99bb","sha1":"a096fa18fb44b1d03c6228a93b15b3ebf06dbb54","sha256":"4ee6d813152a5433ce665add5764bff6962ca784df1f3de57e334c944befd556","sha512":"9ca41f1525cedb15d8f757c037a69e8a758f40b2f3d6095647aad83f657c2a4664c1be4fb72568e2814d5ebea540a21b53cde225b41f4f0190b9214f007d5097","ssdeep":"96:rIPfVV3tARPy48S8k45USz+45RaIkata89+RzydNAYt9+kex8KdRonI7B1g/M:rIl9eRPyfS8LUSZRa2b9wmtI98IT","tlshash":"e7f162a862fa0d2b819386e938db7409bd01d297d35c24e5bf6d45f10fc7da1980f19b","dom_hash":"domhashc59d69afccb598c37df8c553a509577e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.12.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-26T01:50:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":9}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2024-12-23","alert":"Phishing - Other","trigger":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-21","alert":"Phishing 
Block","trigger":"fat-van-echoing.on-fleek.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ik.imagekit.io","ip":{"addr":"54.240.174.23","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2016-01-17","domain_rank":153981,"first_seen":"2017-04-02T12:17:08Z","last_seen":"2025-11-17T08:56:12.804802Z","alert_count":0,"request_count":1,"received_data":684,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer 
speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"ImageKit","description":"ImageKit is a real-time image and video transformation, optimization, and delivery service with built-in digital asset management, powered by a global CDN.","website":"https://imagekit.io/","common_platform_enumeration":"","icon":"ImageKit.svg","categories":["CDN","Digital asset management"]}]},{"fqdn":"alphatrade-options.com","ip":{"addr":"192.3.141.254","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"domain_registered":"2023-10-23","domain_rank":0,"first_seen":"2020-08-05T06:26:24Z","last_seen":"2025-11-19T02:11:17.407309Z","alert_count":2,"request_count":1,"received_data":481,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"fat-van-echoing.on-fleek.app","ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-28","domain_rank":0,"first_seen":"2024-08-28T01:35:37Z","last_seen":"2025-11-06T03:47:39.383161Z","alert_count":7,"request_count":1,"received_data":164144,"sent_data":514,"comment":"","tags":null,"fingerprints":[{"name":"IPFS","description":"IPFS is a peer-to-peer hypermedia protocol that provides a distributed hypermedia 
web.","website":"https://ipfs.tech/","common_platform_enumeration":"","icon":"IPFS.svg","categories":["Network storage"]},{"name":"Django","description":"Django is a Python-based free and open-source web application framework.","website":"https://djangoproject.com","common_platform_enumeration":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","icon":"Django.png","categories":["Web frameworks"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it in your website's 
folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-11-16T22:20:40.871771Z","alert_count":0,"request_count":1,"received_data":86166,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fac.corp.fortinet.com","ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"domain_registered":"2001-02-16","domain_rank":1096827,"first_seen":"2017-10-16T05:55:10Z","last_seen":"2025-11-20T11:52:10.152187Z","alert_count":0,"request_count":1,"received_data":820,"sent_data":511,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats 
Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-03T19:29:00.279604Z","times_seen":203365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0a18dbfb856e33fcea42e5a8db3458d0","sha1":"bf7f679ff888573c6855b41a5b19661badcebbfe","sha256":"3b5e8e9c897749a5b1360d449e0e0df9c2d01ea87cca28c9d93282e6570ced72","sha512":"da57682424adb84feab620359c3630bc4bef1010cc24628f6481159116754212192c0b60e120b7717a35012bf87da4183f3ae4eef3b7b9fcf1d87f9d4baf1714","ssdeep":"","tlshash":"04e04f4a9140246022f33826df123129b16344ef981be930350d93657f106af93739ca","size":348,"data":"","first_seen":"2023-03-07T01:12:06Z","last_seen":"2026-04-03T18:14:29.171886Z","times_seen":9279,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","t
ld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c10f46be25034181d44a456ba86118fa","sha1":"104558b33c8e92f2d03cb4e8aa80ee48814da0a0","sha256":"871587f3a77dafba333e4785fd4391a0c98804bde420d63ab43ae2c7e38320d7","sha512":"84919f490616956adbc3a6eebbbdbcb16a07f362b3a68a4bdb32c9fd0291bd79e51b656a5269654547c3798b6c6bccd7d4804f839d525b14453a708f13065822","ssdeep":"3072:NQhE1TlU89ZltKTeanTTmNDCyUd//CSkTciHFGsveng+O:b1C83xanTaNDCyUd3CSkQiHFGsveg+O","tlshash":"b5e321c177d2bc8112472b7a771bb6f5f92a4ce87088488af014bc94f5bda06fae0575","size":149283,"data":"","first_seen":"2025-01-23T11:41:46.586523Z","last_seen":"2025-12-09T03:30:30.885138Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T19:30:26.380819Z","times_seen":261062,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/","fqdn":"fac.corp.fortinet.com","domain":"fortinet.com","tld":"com"},"ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","date":"2025-11-21T01:50:30.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fac.corp.fortinet.com","organization":"Fortinet, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 10 Feb 2025 00:00:00 GMT","end":"Mon, 09 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:04:8D:F5:6F:6E:EE:68:A1:8A:98:5C:48:DA:BF:A2:40:00:8F:5D","sha256":"A0:28:A2:28:8F:73:0F:3E:04:FD:74:ED:E9:E2:62:A4:78:AD:0F:69:21:A6:85:D6:34:DF:FE:D4:AA:B4:70:9F"}}},"request":{"raw":"GET 
/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1\r\nHost: fac.corp.fortinet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fat-van-echoing.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nStrict-Transport-Security: max-age=15552000\r\nDate: Fri, 21 Nov 2025 01:50:30 GMT\r\nContent-Length: 1284\r\nContent-Security-Policy: default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; base-uri 'self'; script-src 'self'\r\nX-Frame-Options: SAMEORIGIN\r\nVary: Accept-Encoding\r\nContent-Language: en\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nCross-Origin-Opener-Policy: same-origin\r\nContent-Encoding: gzip\r\nCache-Control: public, max-age=31536000\r\nSet-Cookie: device_id=73cb87da-f7ad-4b36-9352-7b70bc44f045; expires=Sat, 21 Nov 2026 01:50:30 GMT; HttpOnly; Max-Age=31536000; Path=/; SameSite=None; Secure\r\nPermissions-Policy: fullscreen=(self)\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; 
charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":1257,"timings":{"blocked":537,"dns":0,"connect":147,"send":0,"wait":161,"receive":0,"ssl":409},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif","fqdn":"ik.imagekit.io","domain":"imagekit.io","tld":"io"},"ip":{"addr":"54.240.174.23","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","date":"2025-11-21T01:50:30.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagekit.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Sun, 22 Dec 2024 00:00:00 GMT","end":"Tue, 20 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"61:BF:F1:A1:C3:63:69:98:40:72:23:FE:9D:C6:A8:42:2E:10:3F:B0","sha256":"56:10:8F:3D:13:E7:1E:52:E3:42:C0:94:B7:DE:1A:07:D4:8E:E9:60:05:30:AF:FB:1E:83:90:CB:7E:DE:39:4E"}}},"request":{"raw":"GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1\r\nHost: ik.imagekit.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: 
gzip, deflate, br\r\nReferer: https://fat-van-echoing.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 429 Too Many Requests\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 25\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: *\r\ntiming-allow-origin: *\r\nx-server: ImageKit.io\r\nx-request-id: 184c0a94-8d38-4b49-a10d-8bc1b5f9ac17\r\netag: W/\"19-Sb63ye3Vgoi0fy8haTOneSzGWGM\"\r\ndate: Fri, 21 Nov 2025 01:50:30 GMT\r\nvia: 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront), 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)\r\nx-cache: Error from cloudfront\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: VgPEMuThaNrrBnRW2BuJoM_ucOFFHUH5k8W0RCU3IIwFQ9MWdvBrXg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"429","status_text":"Too Many Requests","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"ImageKit","description":"ImageKit is a real-time image and video transformation, optimization, and delivery service with built-in digital asset management, powered by 
a global CDN.","website":"https://imagekit.io/","common_platform_enumeration":"","icon":"ImageKit.svg","categories":["CDN","Digital asset management"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":15,"dns":22,"connect":1,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alphatrade-options.com/git/rand/favicon.png","fqdn":"alphatrade-options.com","domain":"alphatrade-options.com","tld":"com"},"ip":{"addr":"192.3.141.254","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","date":"2025-11-21T01:50:30.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alphatrade-options.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 10:31:06 GMT","end":"Fri, 09 Jan 2026 10:31:05 GMT"},"fingerprint":{"sha1":"3F:82:2D:5E:7D:89:8B:3D:1B:07:A6:9F:37:F7:66:FE:B2:98:0F:81","sha256":"EF:FE:1A:C5:EC:30:5A:25:22:68:36:C4:68:74:85:12:F4:15:06:27:A7:14:22:4C:D3:7B:46:DE:12:8D:D7:D0"}}},"request":{"raw":"GET /git/rand/favicon.png HTTP/1.1\r\nHost: 
alphatrade-options.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fat-van-echoing.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Fri, 21 Nov 2025 01:50:31 GMT\r\nserver: LiteSpeed\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web 
servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":596,"timings":{"blocked":0,"dns":0,"connect":357,"send":0,"wait":106,"receive":0,"ssl":133},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"alphatrade-options.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","fqdn":"fat-van-echoing.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-21T01:50:28.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.on-fleek.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's 
Encrypt"},"validity":{"start":"Fri, 17 Oct 2025 19:53:00 GMT","end":"Thu, 15 Jan 2026 19:52:59 GMT"},"fingerprint":{"sha1":"85:BE:21:F5:F2:E4:AB:BC:28:B2:49:37:2B:2E:CF:DA:36:2A:52:E4","sha256":"C5:0C:33:89:21:86:7D:CA:7F:07:90:56:1B:51:99:57:36:10:E0:72:81:8A:D4:27:33:7C:89:07:B8:BC:5C:B3"}}},"request":{"raw":"GET /jiwfggtbsnd1.html HTTP/1.1\r\nHost: fat-van-echoing.on-fleek.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 21 Nov 2025 01:50:29 GMT\r\ncontent-type: text/html\r\ncf-ray: 9a1c89542bb70afa-OSL\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: *\r\ncache-control: max-age=60, stale-while-revalidate=3600\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\naccess-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With\r\naccess-control-allow-methods: GET,HEAD,OPTIONS\r\naccess-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output\r\naccess-control-max-age: 86400\r\ncontent-security-policy: upgrade-insecure-requests\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-cache-status: HIT\r\nx-content-type-options: nosniff\r\nx-ipfs-path: /ipfs/bafybeif44ty37vfkju7y6rz6nzwvlfe2t7wcydo2dcosaz36cocwbmomlm/jiwfggtbsnd1.html/\r\nx-ipfs-roots: bafybeif44ty37vfkju7y6rz6nzwvlfe2t7wcydo2dcosaz36cocwbmomlm,bafkreihlc2wahbdk5f7jh5x4dwxbjcxyr2qz22fv3bco4duwfizhonqr3y\r\nx-request-id: 
2501e621e4d40f1592b985b5e2e0b036\r\nx-xss-protection: 0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2WKZgKRJFj%2Bb6TDQaWHM7PGx%2FJV2C209ynQNFACypfGpXcpqRanFY35XU1EatwXd874rCL2eNUDTQ4xiQVMS0ckBEkBVAGmacNKeS448plRwzsS%2BeNRw4FA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IPFS","description":"IPFS is a peer-to-peer hypermedia protocol that provides a distributed hypermedia web.","website":"https://ipfs.tech/","common_platform_enumeration":"","icon":"IPFS.svg","categories":["Network storage"]},{"name":"Django","description":"Django is a Python-based free and open-source web application framework.","website":"https://djangoproject.com","common_platform_enumeration":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","icon":"Django.png","categories":["Web frameworks"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a 
free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it in your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}],"data":{"size":162718,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (52134), with CRLF line terminators","md5":"fe4038d044770d55a29a1802e66feb85","sha1":"b436816ac305f55f19a65e6b3eb3655b512cdb5f","sha256":"eb16ac03846ae97e93f6fc1dae148af88ea19d68b5d844ee0e962a32773611de","sha512":"7ab403ec11cc8bc240cf979eda97e755fd25ddf844af6f0e1430b563ce5f413f4047fd9f465f197c4cee9d0cad8c20bd1ea5033d672599a005ea9afc57c896ee","ssdeep":"3072:OFQhE1TlU89ZltKTeanTTmNDCyUd//CSkTciHFGsveng+1:G1C83xanTaNDCyUd3CSkQiHFGsveg+1","tlshash":"c5f32dc1b7d2bc811247277a771bb6e5e92a4cd97088488af00cbd94f7bd902fae0575","first_seen":"2025-01-23T11:41:46.582163Z","last_seen":"2026-01-20T02:14:41.724948Z","times_seen":16,"resource_available":true,"data":null}},"time_used":1451,"timings":{"blocked":26,"dns":11,"connect":1,"send":0,"wait":1399,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2024-12-23","alert":"Phishing - Other","trigger":"fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-21","alert":"Phishing Block","trigger":"fat-van-echoing.on-fleek.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-21","alert":"Sinkholed","trigger":"fat-van-echoing.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fat-van-echoing.on-fleek.app/jiwfggtbsnd1.html","date":"2025-11-21T01:50:30.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-2.2.4.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fat-van-echoing.on-fleek.app/\r\nOrigin: https://fat-van-echoing.on-fleek.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-14e4a\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 21 Nov 2025 01:50:30 GMT\r\nage: 834767\r\nx-served-by: cache-lga21935-LGA, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 37, 208\r\nx-timer: 
S1763689830.273029,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 29811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T19:30:26.380819Z","times_seen":261062,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":53,"dns":1,"connect":27,"send":0,"wait":26,"receive":8,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
