{"report_id":"affc695b-7fde-46b1-959c-666e0ea53d92","version":6,"status":"done","tags":[],"date":"2026-02-14T00:57:11Z","url":{"schema":"https","addr":"dondaldduck.xyz/","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"104.21.88.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"dondaldduck.xyz/","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"title":"Donald Duck Solana","dom":{"size":100729,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (19444)","md5":"a4c367d2236b986737cb554d4b3f3c91","sha1":"894e4a5ad643b0751d3419563994205c891d4732","sha256":"918dbb4d2b159d44d1cd934516e5fed6e4de6e63364368fed51d7a82e468ef60","sha512":"fca98778bf6325c05fc900e50e13eff8c329e4d351b49cb6939925fcdd3dd115b9a1050bed6537781209de3667492350132df8a5561b8750e4394cabd05ae39a","ssdeep":"1536:ycuqF3u9+hoMDZHS0EEw0EEtrVeLAmdyCT:SQhoKaT","tlshash":"2aa3841966b2407a2c53a0f9a7da6a5e763ab183dd2fcca4bedd01006fd66f45cc7304","dom_hash":"domhash921904f501699e4db3b7e5ff9e7bc6f3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"dondaldduck.xyz/","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"104.21.88.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-21T00:57:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"dondaldduck.xyz","ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-29","domain_rank":0,"first_seen":"2026-02-13T02:59:45.689056Z","last_seen":"2026-02-13T02:59:45.689056Z","alert_count":11,"request_count":11,"received_data":2062763,"sent_data":4965,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.20.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-08T22:17:48.645662Z","alert_count":0,"request_count":1,"received_data":2383,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-02-09T04:02:06.96467Z","alert_count":0,"request_count":2,"received_data":815938,"sent_data":822,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-08T22:14:51.234086Z","alert_count":0,"request_count":3,"received_data":58679,"sent_data":1629,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"dondaldduck.xyz/","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"15ae6ebb52053a28fc36cd6aff9307d5","sha1":"5b0e62b86eed0f76f2917d2d90784507ad3491af","sha256":"f6fcc0b491de51cfff321601d6041ea57f964ad6de71de9746a1224cab4633ad","sha512":"0ae0d08078769bb8f632b0d36ba716e0e5c8eab16bb96e58471a63d920fea4b065f01a6f23e2ab24a59109bb63990991768065d22f9b3241333b578f6f52b5fe","ssdeep":"6144:RUDN3U+ytZAURdTeoE8qxSiuAVRpdTeHQc+p4S1n:RU5XVnVRpdTR3","tlshash":"68842f8b04bed477935068ab1d3a999da49c2b082ba61c376603d8fdfce9801d3f7574","size":400778,"data":"","first_seen":"2026-02-13T02:59:52.518073Z","last_seen":"2026-02-14T00:57:15.01103Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","size":407279,"data":"","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-06-08T21:14:28.813537Z","times_seen":39850,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1984dae907806f8b6c4bd466dc801d21","sha1":"23f4ed472cd757c881daf66c258fc50974c77ef0","sha256":"9f5912bfdfe4b8a5ffbd3493fe89309823e053c5c278e3dc652a035c68c27363","sha512":"274198d8f6b627a1c46921d43252147671d9dc33064e1be0a165c3875f27f5e2481116d48bb9cb857494de30fe96cf1357877271e1a225005a71506f4e753fb1","ssdeep":"192:ehk1uYM2+qWbPA6ZZvMS8VmWvJFuxQzAPvLYmevLQXy/X6:SpbPAmvYExlHylS","tlshash":"4d02c51978f300354ab366fab3cfa8a4792190037585ca953b1dc2059f92e98e9f37cd","size":8469,"data":"","first_seen":"2026-02-13T02:59:52.519391Z","last_seen":"2026-02-14T00:57:15.012969Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/secureproxy?s=%2F%40v1%2Fcdn%2Fjs%2Fcesium.theme.umd.js%3Ft%3D29517176%26u%3DzwYfD6Uycogc9-mEGDY5NjkwMDI0Y2I1YzQ4OWE2MTA3YTgyMA7fjSv-gmYmIA155A","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","size":656642,"data":"","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/workbox.cjs.js","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"96bbd6f2628a841dcd953ac5d623f9e1","sha1":"283377f7471921242e0e8a2a282e46bd1def8c2b","sha256":"92194d8bf06c487e83d2631262f1e1ea65adc79e85de7b9e018aaf21c0e503ca","sha512":"ba0be88363a4668011079122a435f5bb1df527eb58210a48914b9631ad7b55afeffb35325b28a3e19b04f3d2429520026019a8f438418be688338160deaa42f0","ssdeep":"6144:d0bZqn05HMZwURr7sYECmDOYYPMPRrdTQHi6CTYc3m:d01qniFPRrdTB6","tlshash":"c7941f8b04bed4b7935068eb1d3a599da49c27082aa61c376603d8fefce9801d3f7574","size":408090,"data":"","first_seen":"2026-02-13T02:59:52.511314Z","last_seen":"2026-02-14T00:57:15.004331Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dondaldduck.xyz/1.png","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 186280\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\netag: \"697bcb9c-2d7a8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qELFrbmvB31mOzitLfd9M1p6LuZFqvXhv19CmCk8%2FBlIQwcb%2B2YXbWKOo63jsbpguxbYdMiA8vqxpjEnfzfIjYjOsTxNm0JkU8308D%2F4%2Fg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd89b997cbf4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":186280,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 503 x 496, 8-bit/color RGBA, non-interlaced","md5":"6a5d48913ed408e19107ff2d1d83e516","sha1":"15a09cde065aabb34d74b34ec322af9de4d8fec1","sha256":"90f2debce6d1c9b02e2ab97083e483e7590b42b4a92e02f275e575ccee116c0a","sha512":"d99d75f372a550721ef09bbe6adfafdeaedbfef722fd10f7db16f03b26ab0674beb99f04a5b79253fc265f15ad835061b5d8d4a3a4667f28418b5d7c7e85f5ce","ssdeep":"3072:CrPhqKWFdCfn/YrBXbOYq1Y39pfmtsALT3xa3PRsNlB7tXFGsNOQECA5ZuImTY:CrPhGFdg/yh39pfmtsMzxY5sNlB7tXFM","tlshash":"4b04129226ef83fdc2b24a072505da7190789b24458e7ac15e34d87c2b92f146c9f7f3","first_seen":"2026-02-13T02:59:52.506207Z","last_seen":"2026-02-14T00:57:14.983967Z","times_seen":2,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/2.png","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /2.png HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 164251\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\netag: \"697bcb9c-2819b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NYtRvV7wMCRJQjyYzT8YAagL12R3zA6Rz8PKWtLkWXcB7bmWpb%2FQklqsx%2B5%2BZmXdGT7e9Tm0E5Sald%2FK7M5IIXTHpz5B6npvTWylOvmAoA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd89b997cc04e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164251,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1876x1484, components 3","md5":"cba292b971740db060ad370d081cbe3c","sha1":"31500ccfe74a60ec86ce8f1b507d1c7483995b3d","sha256":"1214d4e20690477695a2fe200898240ff6908a6a727fc7b53d1aeb5ef018e8e9","sha512":"e37303ab11c2b03e093cff770988f9248064422a42d54830cd5354b29c6d69fe231356c6da62d54b40300a9e18b7776e866dcdf1b01ae45b63dc09e9577d840e","ssdeep":"3072:vRezwvTMa1mG+PRGh9zB7wc1b6hF46EcS7WbHUPbs03S8ntMmPv70t:pr7xX+o/3xYHEWbYTS8nt2","tlshash":"34f31288631d6413c0535b35df891c328d4f5c611be6c01beaad976903aea7bee1d3ca","first_seen":"2026-02-13T02:59:52.513647Z","last_seen":"2026-02-14T00:57:14.98705Z","times_seen":2,"resource_available":false,"data":null}},"time_used":418,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":148,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/gallery-manager.php","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:49.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /gallery-manager.php HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://dondaldduck.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PeSkG%2FZY%2FlWdS99KiMZMgS0Upt28qDt%2FDKf3fyo12jOP%2B53U%2B9VVVQc4u5CxgDXSLJbDwH4je1g0ggFS14YPpyfa%2Flykjwz64tl7Ysd71g%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd89b9ffe304e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]}],"data":{"size":78274,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"917934035688495f12a35042f20272e8","sha1":"12c7e1e7fa418d7a64618f051bb5d9d77ffae85c","sha256":"21852b057803efa9a7b7de563af969c0945402787c28556cc3c33dca8b269de4","sha512":"0e78dad67c0222ca532a8373e614227f49564ee97abcd815b24ee82bc4c5ac2ee33c65ff8d423c024761535e6ab2fe678f67f5e6083fa52f8c01b4c73f3d317e","ssdeep":"768:IdWfd9fWf9uWC8anfHjaJncaTQO3u9cTY7VOjrI0EEw0EEPXkMcLAmdyN:CbuqF3u9QjrI0EEw0EEPXjcLAmdyN","tlshash":"8973601926f240762c53a0f8b7db6a5eb63ae147dd2fdc64badd0100afc66b49cc6304","first_seen":"2026-02-13T02:59:52.510273Z","last_seen":"2026-02-14T00:57:14.989788Z","times_seen":2,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Luckiest+Guy\u0026family=Comic+Neue:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.20.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css2?family=Luckiest+Guy\u0026family=Comic+Neue:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 14 Feb 2026 00:56:49 GMT\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1697,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"cbb6eb7c3400ad7fce7e61b34f581f11","sha1":"30a0a4e03d33749c59af824bf05328a352f8a017","sha256":"c211a7d0e576549017694a6df9736d21cbd7635f4091c0a3fc805b22c08dc3e8","sha512":"94190d059cd1905e36c23c3fe58ba7e2deeea2aa4895965b17f7df5319c04dc6d82668e80982e13daa688400e63ac30967086ddfd108622c4de59f1152ac0b9a","ssdeep":"","tlshash":"f1319e81082ba900eb531dc113cebe33ef1ea1556450a9799efe18d8bc9ac1a5357b1d","first_seen":"2025-09-24T22:51:28.843091Z","last_seen":"2026-04-17T12:03:20.279192Z","times_seen":6,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":104,"dns":1,"connect":21,"send":0,"wait":32,"receive":0,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 21 Jan 2026 08:26:32 GMT","end":"Tue, 21 Apr 2026 09:26:27 GMT"},"fingerprint":{"sha1":"90:9B:CE:CB:FE:F2:C6:A9:53:13:5D:52:B6:07:F4:B4:84:28:97:60","sha256":"61:49:94:E8:FB:D1:24:14:DF:C9:92:BE:60:84:A8:D8:37:E3:89:DC:42:7B:0A:64:D3:F2:32:FD:D0:93:4C:4B"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://dondaldduck.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Feb 2026 00:56:48 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::crrwr-1770516958843-e8a5a5e1e05a\r\nlast-modified: Sun, 08 Feb 2026 02:15:59 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 513649\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UwgSW9AyB7oFprYbANO1cCYqSX%2Be9Y2HomM9ZSF%2BiZv7luAipo8AJaruqtuOiiiNARvJVlh3v45W4LbdA3W1vd43za0zgRBiHlIQLN7egCCu0w%3D%3D\"}]}\r\ncf-ray: 9cd89b99dd594c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-06-08T21:14:28.813537Z","times_seen":39850,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/secureproxy?e=ping_proxy","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:49.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://dondaldduck.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9pJHRjvbu8hiT2J%2BAxhvWzfFT2S6wq76w%2BRfPqINNCvQDDpGfV6R7cFqXkUGNzk%2FUOgRJTbuZdqJr%2Bua9%2BFUy95IilmVYnnXR1ghUjJTbg%3D%3D\"}]}\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd89b9cad634e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"6fdb087aa3fbfbcb8287a593a0919e61","sha1":"0e514a0662bcb69dc863953d1ce26e3d40e81a87","sha256":"9795c5ff8937f23526ccb207a5684c1fc94a7854e19c021b39d944e51f5baef2","sha512":"be5457d14c930b51b47ab152850c1ceaafe6ef88c8671b48164abbc83410b0c07a1e178540f6cdeac5f2672cadb1d1cbbb3434b3e39bc2c50c4646a2bae57437","ssdeep":"","tlshash":"fe300000300000000000000c0000000000000000000000000000000000300000000000","first_seen":"2023-04-12T09:14:15Z","last_seen":"2026-06-08T13:09:33.777887Z","times_seen":8784,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/luckiestguy/v25/_gP_1RrxsjcxVyin9l9n_j2hTd52.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:49.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/luckiestguy/v25/_gP_1RrxsjcxVyin9l9n_j2hTd52.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://dondaldduck.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 17360\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 01:06:43 GMT\r\nexpires: Sat, 13 Feb 2027 01:06:43 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 17:58:06 GMT\r\ncontent-type: font/woff2\r\nage: 85806\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17360,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 17360, version 1.0","md5":"70322c317b1f4e2e17dbc6b672f95f5f","sha1":"f3dff7c50e1aea33814c6aeeca177ae3ff900bfc","sha256":"3877b522181765adf66ba89bd68d288ecb9f2483b441baab3424646b0c7aaa0a","sha512":"83048e60c06b142d87fc1c236e4c1c025953bb9fc3ac9913f04660738679607c3dde4cbe7c3fd563e09b4609d284420ebcabc0637da58c48cb0db208087803f1","ssdeep":"384:WfC2S+GObRDijMwcY6tE+ICzuxdyMAngwp:W1S+RTDxICzPvp","tlshash":"1972e1edcab11465de8510ee2f1a3d89a941fba8c31043f19dc7fe56c0a4e34c798ea0","first_seen":"2023-05-03T01:37:24Z","last_seen":"2026-06-05T11:04:59.162348Z","times_seen":868,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":72,"dns":1,"connect":7,"send":0,"wait":8,"receive":2,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 21 Jan 2026 08:26:32 GMT","end":"Tue, 21 Apr 2026 09:26:27 GMT"},"fingerprint":{"sha1":"90:9B:CE:CB:FE:F2:C6:A9:53:13:5D:52:B6:07:F4:B4:84:28:97:60","sha256":"61:49:94:E8:FB:D1:24:14:DF:C9:92:BE:60:84:A8:D8:37:E3:89:DC:42:7B:0A:64:D3:F2:32:FD:D0:93:4C:4B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 14 Feb 2026 00:56:48 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::pw4kz-1771030031161-511aef375ccb\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 577\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UlDi%2BDIgWZIt8XWPF9WCJpRym0wNBcrInmOMtqFBm0dQzLSS8SEOgG9ahD7UhBjKVaOnNbBBTsmNnoc8%2B3Sp3rElVT6MrnLjGHFNZUqsimEJ2w%3D%3D\"}]}\r\ncf-ray: 9cd89b99bd064c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":29,"dns":20,"connect":1,"send":0,"wait":3,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/4.png","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /4.png HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 92020\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\netag: \"697bcb9c-16774\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DjOlgLihU3K4wWtwD%2BGDjCE6i1q3j2XQ%2Bj%2BIEnTRIzT5Wfm2kmEv8nGOPB8YT1pKbWV0qxgWOMbJk2cSrTUCvyi4%2B5nvyhYYHxUou82rTA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd89b998cc24e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92020,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 900x900, components 3","md5":"b40e88dbbc3521aa110a1315ac0fa381","sha1":"0be494d0d19980b136fddc427fd0b28124627377","sha256":"bbc2ebb7523e22b3d09eeb62cf63af086203141c66979ab7a8146bd220b57ea2","sha512":"c7b74c6f8214ae3367bdbd2dd606461a4d914e3387f8f8990bf50cb67d4a4a522ccffdede83b36d3eb49c4a02e687a7fa184f6bf573d173675f8563d0d70902d","ssdeep":"1536:aVY2GvJ1qb5r7/QCO1JkzxK02FX23wXa0khoXoKEHiQ8PooNt02mVj3IcOnf6yQS:91qb5rLQF1JkzxK02Fm3wXanoY1HiN0E","tlshash":"f69302e7b5a90499fa9fb49725d14b3aa30f4c8423085884edbb3b0f4772a2777d5831","first_seen":"2026-02-13T02:59:52.515551Z","last_seen":"2026-02-14T00:57:14.997943Z","times_seen":2,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/comicneue/v9/4UaHrEJDsxBrF37olUeD96rp5w.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:49.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/comicneue/v9/4UaHrEJDsxBrF37olUeD96rp5w.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://dondaldduck.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 19572\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 00:50:00 GMT\r\nexpires: Sat, 13 Feb 2027 00:50:00 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 17:01:40 GMT\r\ncontent-type: font/woff2\r\nage: 86809\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19572,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 19572, version 1.0","md5":"d0346bbf7ae077cf903158b13c216b01","sha1":"e6e259379306bb5adcf730b4067cc78bac65a236","sha256":"b7753f30f8bd4925cf48a2ffe936c52ff1f16fe441f8c0245acf046296ac590f","sha512":"2fcddf35f48d05ad7b3acddaa10953685b8e16ed35660ae5b33be1000c274d6bf16ccbf928d555406a2b814b8fd1027674f74ab21fd93cc11fd29b1cb69b6a9e","ssdeep":"384:4JB7Mtgaxd+98hnQhohoBE0HGv2w5jfjj6DL+JFVEuASh2xmHAdp:4P7jaqkjoRmuXLgVEdShqBp","tlshash":"6992e15ea074c044bad1ebb42e93cb1f441ba4712aa345b6d1cf9a4ce911341e6ef33e","first_seen":"2025-09-21T16:42:47.372065Z","last_seen":"2026-06-04T23:39:04.829484Z","times_seen":179,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":119,"dns":4,"connect":7,"send":0,"wait":10,"receive":1,"ssl":100},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/secureproxy?s=%2F%40v1%2Fcdn%2Fjs%2Fcesium.theme.umd.js%3Ft%3D29517176%26u%3DzwYfD6Uycogc9-mEGDY5NjkwMDI0Y2I1YzQ4OWE2MTA3YTgyMA7fjSv-gmYmIA155A","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:50.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /secureproxy?s=%2F%40v1%2Fcdn%2Fjs%2Fcesium.theme.umd.js%3Ft%3D29517176%26u%3DzwYfD6Uycogc9-mEGDY5NjkwMDI0Y2I1YzQ4OWE2MTA3YTgyMA7fjSv-gmYmIA155A HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:50 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\nvary: Accept-Encoding\r\ncache-control: no-store, must-revalidate, no-cache\r\netag: W/\"a0502-14+i6Bt7XM8ofHk8WpmFyqoPYWI\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=cesium.theme.umd.js\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 02/14/2026 00:56:50\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: eb2da615f58af71bfe9141e51746d63c\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EPAMOC04upcAzBx6Imw9UtqxZ3felKSySTT4%2B5pyICA35VxsFCr%2BA4XJlMepoj3uOb0Fy%2FYIO2n2wmfPlyA0ug1aLNLQCjf1cxuZ1nBSNA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9cd89ba08e424e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":656642,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"96c2ff1601099c21c598c24e6f43c7c4","sha1":"d78fa2e81b7b5ccf287c793c5a9985caaa0f6162","sha256":"7fd19c564761e2c8c9b583cf30db810e313417c7d3572f637f8cedf4d2cc1e91","sha512":"d7df68372670f0173ac5dc3c54ee38f13b29703dde9f71ec74827b535735e99b2b253e07960d66d8c3230f13cf29f20aa0f083db014cee0710379ffab68932be","ssdeep":"6144:0ujB8gltIeTM5/S8g6zRh5gDVLU2GIt/KJAsJRrydM147u/lhDlEqH96lm:vhltVM/g61sNUWsSdG7R","tlshash":"1ed438c2821814f684eb0ab6d133a21fdb4cce9dc69f2d20bfe55c9553c87a292f655c","first_seen":"2026-01-02T13:08:19.247086Z","last_seen":"2026-06-08T13:18:27.600009Z","times_seen":2556,"resource_available":true,"data":null}},"time_used":367,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":139,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz//secureproxy?s=%2Fjmpd%2F","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:50.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"POST //secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://dondaldduck.xyz/\r\ncontent-type: application/json\r\nContent-Length: 2196\r\nOrigin: https://dondaldduck.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2196,"data":"{\"route\":\"8XUwkBv9vhPYfVpD1fxb7EC65sUXJdqr\",\"payload\":\"7fThhwDH3wU4xdp2SzCq8yzV35D4WGHHH7sXyarbo1MovCmoVABLhLDPNYxHHhZvAGYmQAg1qmvtvPrEfnHBz8paYxwHHmzwtzgHRVWGwGco5F5eQwoThDjXFt5DDyvLSiqUrseNy52eFNVLEqvyHsbo6K459fQG2SfBmTQRrq9chMPHsCZTtcgyHWTFUeSTqeE5bRfoRm2Kf8XBvPdxv2cMUx1AUntARghzCwHBCAMukDnZy5ETkqEYSvdQyxRDkbyBWNqpkRtbvRZt9TB8QQE4FCyX4JuBowHudftfJYvjQUqV4cTvov61Q9wKSfwhsMWGyxyuSLXmPV49n2Q1Euzbw1uwLTuFNtY44vYP2VvhgfMv4g9Dg7o5phZff2DRGWr8PJhbJWeLENaEerLC9eLAQzsT3xJhNTiiLRj5shPeP9f9HVaWzPNacJv8eqg9TdvrFEKeS4M61s5SKAH2YbEcMohF4e43oWRS2wjBHBiiXK7i9CHTM9inBEEvoaP3x7HzNevmxz7TAQ9juPi2rpfE4iN8bHeFqQuQXgafLrkKQziJjxzaKBRVXgVn2aiHphxqkM4NtE38gMQgZApkZkpzByU4Sxkn7bqYjwEqhLqWnachQUFetRNgCAeo4TeJS6aPJhxuSLkxSVsv2UerED9Ed3y7QeU5mTm6ji1AYmrBeojjgBLDgQMWF9YxS6HmH4iVxiCu5EAqSVXxX4bR5fPW1jViGbkmvaxP2WWW3KE6DhCuiEwapeueLPowjx5D4ZgLXpJqWLj5tfFdDAyWHdRiNRVhpANf8VzbD5Lwncg2xAM6DkMidhbfVyqidgwPAmoDxVWsDipvSNp6GMzZA8ZkgCw1CX2RPuVQ4qYi1icQUcD71317htpTKSXifkuupAUZbFL6mRfbAwVAunkSSBQvrvXFuJfvo7tiDy5DCYEN9yT2cSsaWoNcGNEm2zCT1SEDAUj1k3ejrE8Cok3zMRZR6Vbq3nbuCYLCVqW8TENBS6Ei6iWNF7GrBBXvFP8MMAuannzxEPeRsrUHcnahATZWAfi7ehNXJEhcmfquP4K3L5RLCbUrn4cW1BiFMV6tVbGUmHpWtcAS14fneHkVDGm7XA8Z9PVJXS9oMFG6gLPwtGtxfAw1XXaydyKfgJuVqhysP15vXKjKm57UwtvZ2NBqHnHPRg7hhdEJA9vaEPQ5gkoJBHNcCuondEkoFi3nU7sUj3pTFSxRCCXWsN7rxfVBu97y4DxyTWJLkK57CQH5BH8NZVFqU3JzzWzreKo5XeAYa4c744a7v3DAqEHNCyNhxy7AP5rNoMU8hLjFVi9yRjqTjrBJZ75n9CTxmh13Fj2ZRRaGM4NgTE2k5nTo8rtt29AWomqUicpCDnY5vAHSn28njE5dC9hecwcgR2MgKfw8dgFuuxhMJ7KX6eQLWgd27N4rJP3dvkbmHNgm6UJ7g9PLJEFF8WKDDMkDS9TCp9fUSLoZhXCxn7At6HU2oZiAyCQdKx8vS7vQ5mA3XRfhSHVbt1UH9tDJfgvU4NLvcweJHsE5RjFVUhf3948W2Jt24x1F1dcMi6MqdAGoVG5eYyD55q2kzGG4MA8sEJcWXkotsV2oDsKS8JqbmVLu8U7VaVxuoBqdk3eDhuLvWD8zJiHr1UcJDVAz4vLvn2MQo5ZH2UrBqykoV891AwtFZJY91SN8Gf6QYaV6nuJ1MuWhhSqNYaVgLoaTVpGbV3dPcpNepR5Q9djLpLz7jSppPGYNdAcj3XXoFQERhshFmjydqVAMby4WiqDteXqHvBWrcEDoqk6Y7WC77zL9fWTyXvThyux7xXN8yTveysCEK3tKYH8nNNyAgLi9AUTveqMXiQYBSp6PfBheEDbFtzLEsFQFwJY2Z2Nt8wzkSCZQiAdyb47iHbt2m6WLyRUt2W7QAae1JnSz848EnKkUVj9QxjMA73eKwcppmviCXybwYqphxSMpMABSZEDBcbrKhxat9WVXUwq7rbTi4NoCdXcdaYY6aeu7vNxJ2QjWrURAFSWkR2qtZd6TcgWWiP4CrUNAzHUkSdgF9Cx3tvhThw849QHsXV2cTNY6rpRL5rhKAhTAMrVuFPNWSdo1C7NtMMKko1yjWt5hS5cQQftrXrsW4wjoWC5\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:51 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"e0-hokEVGylVsm+j6C8UL/gngJ90Vk\"\r\nx-ratelimit-limit: 10000\r\nx-ratelimit-remaining: 9999\r\nx-ratelimit-reset: 1771030670799\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 02/14/2026 00:56:51\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: 97ad8ff20c397ce257c5a1a4d3d2b0d9\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1AJBnH2lDI2SvgNNlid7o%2Fy1GENlJVBUC%2Fq%2BPpD%2FzFHdoRtbVkAql5C78Sd4Ls8VZumkoUqFvd0eqAFmJ4%2BSJ53XE%2Fb9Leyta9BrHjCjgg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9cd89ba52f444e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":224,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0e64004622e20a51981df18c4d21f7ea","sha1":"868904546ca556c9be8fa0bc50bfe09e027dd159","sha256":"f7ccc2a19b021575b7fb91e7e757405e7e57d5ef5bf2adcdeec42f6279b90227","sha512":"7ea973ddd7b0a0084b53899ab1f05ad1ee05b61178012c40e3e62a42d1c39a0f80d42e3acc84b913ab3fb953ee9831516e2c6a833cdaec1992684428f419c2f1","ssdeep":"","tlshash":"20d02351f0604e2c54ceb204f0e50028cc04bc0c8d18462bb95fd8ac3c64084caf44dc","first_seen":"2026-02-14T00:57:15.001912Z","last_seen":"2026-02-14T00:57:15.001912Z","times_seen":1,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T00:56:48.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Feb 2026 00:56:48 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A95EJdJTPJAyUlX6S9zsEu0%2ByIMhZaG0o3ctmcvQZemfFKwLdRXCj3WJXIRuI9myNIL9OO9DCot94m4Z1nYdRj7RqGUV1%2BeRqF5YBu6Llg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9cd89b969c4eb28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]}],"data":{"size":78274,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"917934035688495f12a35042f20272e8","sha1":"12c7e1e7fa418d7a64618f051bb5d9d77ffae85c","sha256":"21852b057803efa9a7b7de563af969c0945402787c28556cc3c33dca8b269de4","sha512":"0e78dad67c0222ca532a8373e614227f49564ee97abcd815b24ee82bc4c5ac2ee33c65ff8d423c024761535e6ab2fe678f67f5e6083fa52f8c01b4c73f3d317e","ssdeep":"768:IdWfd9fWf9uWC8anfHjaJncaTQO3u9cTY7VOjrI0EEw0EEPXkMcLAmdyN:CbuqF3u9QjrI0EEw0EEPXjcLAmdyN","tlshash":"8973601926f240762c53a0f8b7db6a5eb63ae147dd2fdc64badd0100afc66b49cc6304","first_seen":"2026-02-13T02:59:52.510273Z","last_seen":"2026-02-14T00:57:14.989788Z","times_seen":2,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":81,"dns":68,"connect":1,"send":0,"wait":255,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/workbox.cjs.js","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /workbox.cjs.js HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\netag: \"697bcb9c-63a1a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zz2lnLPeuoF3W7wktSfa%2FCUL4ijeqtXAiuXBJrdtN6akKNso7EAZqjCgIGhqkRhEegV3HeSES1xiMrODdtswC6YCYqA5aefDYQW259QSFg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9cd89b996cba4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":408090,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65159)","md5":"96bbd6f2628a841dcd953ac5d623f9e1","sha1":"283377f7471921242e0e8a2a282e46bd1def8c2b","sha256":"92194d8bf06c487e83d2631262f1e1ea65adc79e85de7b9e018aaf21c0e503ca","sha512":"ba0be88363a4668011079122a435f5bb1df527eb58210a48914b9631ad7b55afeffb35325b28a3e19b04f3d2429520026019a8f438418be688338160deaa42f0","ssdeep":"6144:d0bZqn05HMZwURr7sYECmDOYYPMPRrdTQHi6CTYc3m:d01qniFPRrdTB6","tlshash":"c7941f8b04bed4b7935068eb1d3a599da49c27082aa61c376603d8fefce9801d3f7574","first_seen":"2026-02-13T02:59:52.511314Z","last_seen":"2026-02-14T00:57:15.004331Z","times_seen":2,"resource_available":true,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/3.png","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:48.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /3.png HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 201146\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\netag: \"697bcb9c-311ba\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pP4mUg6W1l3E97X%2BWOLEnGovVP0H5dO4bHo%2BKqZ2oFGrwt5fhW6Z8Ygv9yqT3zbsjwLMtPyJ0ajkdI1JM%2B2U9GagbGgZI0l7%2Bbk3iKdBvw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd89b998cc14e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":201146,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 398 x 275, 8-bit/color RGB, non-interlaced","md5":"7a0f4394b562b44d0183fda731ab063c","sha1":"4c65e989d1ed2e4ba9055ee803ea028ef60bfbcd","sha256":"978379c592a64d898e251907f8762bf03232b4140f04ce6d48fa5d7d21363e0f","sha512":"35cb45d87dbb14210679730f1f2e79365c64c9da0c8a23140750cb2b9d2d8833842423f4ff377206faca32f27ba74b7725cb38c457f989df011ab90ecfc3495f","ssdeep":"6144:Hliv0fy4vtNtccZyZK/vkM78evHMFnm/NCs3yh:HlicfXv2rwHT8evHMFnm/N1Ch","tlshash":"a914235ba48737f1eba3702f359cd5039ad2c1d493ece207e65ed2b1ea037809548761","first_seen":"2026-02-13T02:59:52.50164Z","last_seen":"2026-02-14T00:57:15.00677Z","times_seen":2,"resource_available":false,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":157,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/comicneue/v9/4UaErEJDsxBrF37olUeD_xHM8pxULg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:49.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/comicneue/v9/4UaErEJDsxBrF37olUeD_xHM8pxULg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://dondaldduck.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 19244\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 11 Feb 2026 12:43:45 GMT\r\nexpires: Thu, 11 Feb 2027 12:43:45 GMT\r\ncache-control: public, max-age=31536000\r\nage: 216784\r\nlast-modified: Mon, 15 Sep 2025 17:01:40 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19244,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 19244, version 1.0","md5":"16951fb1680d3f156db16041da646ca5","sha1":"c24cd8da314621e651e8c5a6f6ae6200a8b589af","sha256":"13e9f12e3a0239dcf740e1c7ff37be1cce9b87ead0ad9bce838da1202ac9f91c","sha512":"e5ae05153b45b5ea04c97c6a2635eeeb39ee959045eaee9488269ea5e5b755db38cff5d0395ac00120071fd0014222888463b02ac3868c288b431d743e51ff02","ssdeep":"384:fIQdEIyVQQRQdMjyeHTz26ruBarlPe8n5iAEUqRvpG/HP06bjZWHi:wQjgNRQeyeHv26ryEl55qY/H86bjZ5","tlshash":"bc82d12d48f1c64ceb075fbe7e8aaf2f6a7d84f2a06cc08f54e54a9a50c4d4433064b9","first_seen":"2025-09-18T11:54:13.884562Z","last_seen":"2026-06-04T23:39:04.83087Z","times_seen":193,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":100,"dns":1,"connect":20,"send":0,"wait":8,"receive":3,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dondaldduck.xyz/1.png","fqdn":"dondaldduck.xyz","domain":"dondaldduck.xyz","tld":"xyz"},"ip":{"addr":"172.67.177.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dondaldduck.xyz/","date":"2026-02-14T00:56:50.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dondaldduck.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 29 Jan 2026 19:30:07 GMT","end":"Wed, 29 Apr 2026 20:28:33 GMT"},"fingerprint":{"sha1":"E5:45:BE:4D:81:50:7F:0A:D4:5B:56:11:0C:0C:2A:CC:BA:E5:61:A6","sha256":"BC:EE:CB:10:60:02:D5:B8:EF:9A:89:B1:D8:1B:B5:1B:1C:5E:82:BC:FE:A7:42:28:C7:B2:A7:6B:8C:90:96:3E"}}},"request":{"raw":"GET /1.png HTTP/1.1\r\nHost: dondaldduck.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://dondaldduck.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 00:56:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 186280\r\ncast-mode: default\r\nlast-modified: Thu, 29 Jan 2026 21:05:32 GMT\r\netag: \"697bcb9c-2d7a8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pm8bFi0zCpi4RdfKGm2oY8cgX2tcDrPGcTP38YR8TM%2BT%2BO1pcOFcWZ8WTnhU76lUsZIUYWwUrZMWQpZj2Sfor5EpeDI7dqq6uW%2FeJ%2BtQxg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: 9cd89ba13e594e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":186280,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 503 x 496, 8-bit/color RGBA, non-interlaced","md5":"6a5d48913ed408e19107ff2d1d83e516","sha1":"15a09cde065aabb34d74b34ec322af9de4d8fec1","sha256":"90f2debce6d1c9b02e2ab97083e483e7590b42b4a92e02f275e575ccee116c0a","sha512":"d99d75f372a550721ef09bbe6adfafdeaedbfef722fd10f7db16f03b26ab0674beb99f04a5b79253fc265f15ad835061b5d8d4a3a4667f28418b5d7c7e85f5ce","ssdeep":"3072:CrPhqKWFdCfn/YrBXbOYq1Y39pfmtsALT3xa3PRsNlB7tXFGsNOQECA5ZuImTY:CrPhGFdg/yh39pfmtsMzxY5sNlB7tXFM","tlshash":"4b04129226ef83fdc2b24a072505da7190789b24458e7ac15e34d87c2b92f146c9f7f3","first_seen":"2026-02-13T02:59:52.506207Z","last_seen":"2026-02-14T00:57:14.983967Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"dondaldduck.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}