{"report_id":"b09a591e-a725-4080-988e-669c901badb4","version":6,"status":"done","tags":[],"date":"2025-10-02T16:01:13Z","url":{"schema":"http","addr":"naruto.su/link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo","fqdn":"naruto.su","domain":"naruto.su","tld":"su"},"ip":{"addr":"79.133.182.51","port":0,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"title":"THIS IS NOT A DATING SITE"},"submit":{"url":{"schema":"http","addr":"naruto.su/link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo","fqdn":"naruto.su","domain":"naruto.su","tld":"su"},"ip":{"addr":"79.133.182.51","port":0,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-06T16:01:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"unpkg.com","ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2025-09-28T22:13:25.076663Z","alert_count":0,"request_count":1,"received_data":29245,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}]},{"fqdn":"naruto.su","ip":{"addr":"79.133.182.51","port":443,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"domain_registered":"2017-12-12","domain_rank":1457475,"first_seen":"2018-12-25T17:12:32Z","last_seen":"2025-09-29T20:29:40.509365Z","alert_count":0,"request_count":1,"received_data":2219,"sent_data":527,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.26.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"openfpcdn.io","ip":{"addr":"18.165.140.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-11-10","domain_rank":9255,"first_seen":"2021-11-11T13:02:44Z","last_seen":"2025-09-28T22:54:44.384637Z","alert_count":0,"request_count":1,"received_data":15896,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"tdzebli.com","ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"domain_registered":"2025-08-13","domain_rank":0,"first_seen":"2025-08-13T21:10:41.256815Z","last_seen":"2025-09-29T01:00:26.688791Z","alert_count":4,"request_count":2,"received_data":2633,"sent_data":913,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server:2","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"befjajh.flirtosmart.com","ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"2024-11-06","domain_rank":0,"first_seen":"2024-12-30T18:10:51.158169Z","last_seen":"2025-09-30T16:19:49.405285Z","alert_count":36,"request_count":9,"received_data":449706,"sent_data":4413,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"149056fccb5063e0260d8fb1f9e14966","sha1":"46cab50b3ca932a0ddaec7140a583f4d9a5ed11e","sha256":"a6e396bf650118b365fa4d73f3669a524d18f2af0905a8b36701d50c477967f8","sha512":"0c01b1d7121e9ba3d5d3b151b82e23cacac0b64ef34ebe757033e7b2d5f95cab8a96112dce0903d491ce07788567735cb70896478d373e9049ca4d06c35e2603","ssdeep":"","tlshash":"03d08069476505700d33f57d030ee74131fb90571144cd56b5ec01441f4074981f41d0","size":268,"data":"","first_seen":"2025-09-30T17:44:21.39311Z","last_seen":"2026-06-03T00:23:28.909619Z","times_seen":5180,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tdzebli.com/1/#s9_Sulo","fqdn":"tdzebli.com","domain":"tdzebli.com","tld":"com"},"ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"081c57654359c9e98068f585d63f6f32","sha1":"daa034a3062372016572618110ae892e9ba48dac","sha256":"51d0aca0b92ffaf13ee49cad5f8dd0bda4352a93fbe614ab6b7c98cbe0ecaf6a","sha512":"26519650edf17286aae37d3228a06e5763fb338213e8062a76a3821b3ca0d113a817fc31418294609864e67ea5fcca03247151c52868fae66dfe29a513e86cd4","ssdeep":"","tlshash":"38211c671897002e2f93005e3b6fb6ab70a264272449f409b0ae8f2d1fd0e21e4b35dc","size":1243,"data":"","first_seen":"2025-08-26T14:55:44.85854Z","last_seen":"2025-10-15T18:50:56.022624Z","times_seen":2250,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/botd/v1","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"18.165.140.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"234a8c1c15df9b03c65e9e14c82fc872","sha1":"e5ca36727846aede7dfbc07e88b2b025eb0cae90","sha256":"29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89","sha512":"9aeee4e620de49e0ed303917e9afc1806da0815896bc5feef3add9f89e0429678bfe0d9f0ad3fc940bd8e48f7e235e5c8d23463407c42b6fbc740b50c43a0b53","ssdeep":"384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA","tlshash":"bd62a4cef996b07553bb34a1503f2206b2362655745e84a0cf2bc2c16879e5ac23bf6d","size":15196,"data":"","first_seen":"2024-04-04T09:37:24Z","last_seen":"2026-06-03T10:45:07.265285Z","times_seen":13443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/js/functions.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"d25e53cd9b95763c770b43e2fc58fb42","sha1":"69051418108981fbe7801946f89fe2f3ee8a3b90","sha256":"f15c1d2a36ed9d645fdb7d95bd4b82180fd8f67aad00e12d0ed5d9c52e48726b","sha512":"a91a8f88f66fb581e8c7067ffa920bb893a87650359400740475259ccf942cc0ad4e999179107d66996d4751bfa64294007387b19699fcf360c4c80e762306e0","ssdeep":"","tlshash":"1311ea0836f7113ca07fb0b64d3bc488273750077006ce19f0ac9a9c6f5032ca7daaa9","size":1060,"data":"","first_seen":"2023-03-14T11:16:11Z","last_seen":"2026-05-28T06:13:53.103688Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"41d3ca5bc39fdba48b5e6c0db52c7e1a","sha1":"3a20a6949e1fe331ba65a7be90cff19e72ea4267","sha256":"262d4d16bbaddf27125175b4096ed1f82fee2e6010b3749626749d7b6193ecb7","sha512":"d3e5454f541945870b5d8da97802533f6fd4afaac276de39eb0293d7901e6f86bfcd470ac9c8b719f85c012600d542b126e8fb6ec16776e7d4e8e284178c36bf","ssdeep":"","tlshash":"9d21cb5d6091707435f7b0b6aa1e62503133028f202facd2b9dc3305af39e0e0b83b41","size":1225,"data":"","first_seen":"2025-07-05T17:30:26.75814Z","last_seen":"2026-03-23T22:03:17.435522Z","times_seen":3562,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/just-validate@4.1.0/dist/just-validate.production.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"713352ee6a16034c696a6e2785b92280","sha1":"6289cf9b1f0e775ad3feb36b0fcfe5af301a0e5b","sha256":"c08b11b232cea03b467d40d5b0990d7deaee04ae1de7af2d4eb94c3544b4c1a5","sha512":"8c42085cda5010ff9eb71174f3f5af3f94f276ab1b134241ed70cd37b3c8d7b8efc7a0899e964be8cef88474da2bee314158b86e45a64ecc0294f8dd628de2fa","ssdeep":"768:VkW++Jv/0btODUsl7dMrXfSCiwgRgpZ1UuVvw1CByfDwty0HD/h7PCByCrCagSZi:mCsRXaCiwgRgysnY3gSK6U","tlshash":"0ad2d606267109234dd94ae9e08b9543b3d1375da518a4ccf73dacfb9a8dec630937b2","size":28389,"data":"","first_seen":"2025-09-05T11:13:19.031002Z","last_seen":"2026-06-03T16:20:54.432823Z","times_seen":8682,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"b973934df0365916e829f07562beb64f","sha1":"a56c856bc98d15c332f66ae1b93780a713fda314","sha256":"aa4ccf092a2512330713fe613d558413237ef14e3341b9beab517e5dee61abb0","sha512":"2d96fa0806ea30f6cde3a06a49f190250939c731dfcf5762d1e0b43ffa7b479ef68d5872e96f3b8fa1c720c061e8f3e42b34aa61e9c339f57ba53ce267f17483","ssdeep":"","tlshash":"d1818d4bc18f1122eee199baaf764e7880ba87d46081b523cb60ad74471b5adb41f5c3","size":3955,"data":"","first_seen":"2025-10-02T16:01:16.855176Z","last_seen":"2025-10-02T16:01:16.855176Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"e7d6b85edb141824af8951e19333337c","sha1":"76600b2cb1978ca24d9fe39b1412f052da855ddb","sha256":"6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e","sha512":"caeece2e9f68aeb3ae0f077644afc417304c4c867674e779cc0acaa30e372ccf7cd42080fea47f986508082f15f7dfca6071def8dc77206af61167220c34c686","ssdeep":"384:JUr/AGPMPeRBiJRBxdMCD6AvSEzZMOC51MACXvAbXIORv1QpjXuBsb6ec3x7ZonL:JqAPbBRvB3ACfaYOTQpz0eEdAL","tlshash":"bed23a4d30df343a03a266d5212fe508b5795ec4700d4440eaba9a943df4eab627ffe9","size":30685,"data":"","first_seen":"2023-03-07T01:14:35Z","last_seen":"2026-06-02T09:02:49.942196Z","times_seen":8054,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/js/jquery.min.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"a46fb81762396b7bf2020774a2fb4d9e","sha1":"fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7","sha256":"d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d","sha512":"40759595b05808dd911075918bdcc32fb91362019bdfca24827043b8e54116e6ebe7362050ec72182b66481f1dc8d4ec4c8942c984fd597659313d71ad60dc33","ssdeep":"1536:aLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:+kn6x2xe9NK6nC6N","tlshash":"378319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:10:49Z","last_seen":"2026-06-03T12:44:12.698088Z","times_seen":61644,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":true,"md5":"0cfd65ff49922840ca64af529f37ee95","sha1":"bfd94eb90d17c39597248dede47c83ba4e2ced72","sha256":"55ec1f09294dff1b44d52e326535f06024025ca63bb6fe48882a126421298a15","sha512":"5aef95c803a1c71d52a841eeedb3125377d7fe1cc918c1509056d6cb79d3971e34fabef2ff6fb13e90010158c847a5f9fd6a7274b0a2426094701fe9dfcb7f59","ssdeep":"192:5pj5FsCEQ0p7/OorR2X1Yiubp7A9M1TKXjyLNLwzTLWI:zHupIYiubp09Md9M","tlshash":"e7e1dc9924f2616509bb70bc9fdf9224317a541f24899a10bc5c07d4afacd7ca3b0fe8","size":7438,"data":"","first_seen":"2025-10-01T14:30:08.801322Z","last_seen":"2025-10-21T10:02:02.639533Z","times_seen":826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/css/style.css","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/css/style.css HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14132,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"9aaa618f267c120b3b6cfd42c8e18fc1","sha1":"487ee1e87a9285b9fde31e7e121f4ca4c234c6f8","sha256":"e258e71e6c8787e1c12ed7ae57158415159c200a5353edffa7b2929454880a83","sha512":"c4ec36ec420a0219a3e8a4d3c3549a9c2d3e0ed8ae7cedb56ad6be74b17389a750fbc808e0d292c852f20c33388792a93eb7f4f3b7ab9834290018c857814d15","ssdeep":"192:MlO5bRFrIoIVEspZGNFAFzulNFVvNh4zT6AXs0WxxXqxixBUw0dXXMpTI4++gy:fFWEsEFAFzutx","tlshash":"7a523f522aa36004f897d9642bb017942354d403dd8fddbabfc2716cdfc96c96aa238c","first_seen":"2023-11-10T23:10:29Z","last_seen":"2026-05-28T06:13:53.115264Z","times_seen":72,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/js/functions.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/js/functions.js HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1060,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"d25e53cd9b95763c770b43e2fc58fb42","sha1":"69051418108981fbe7801946f89fe2f3ee8a3b90","sha256":"f15c1d2a36ed9d645fdb7d95bd4b82180fd8f67aad00e12d0ed5d9c52e48726b","sha512":"a91a8f88f66fb581e8c7067ffa920bb893a87650359400740475259ccf942cc0ad4e999179107d66996d4751bfa64294007387b19699fcf360c4c80e762306e0","ssdeep":"","tlshash":"1311ea0836f7113ca07fb0b64d3bc488273750077006ce19f0ac9a9c6f5032ca7daaa9","first_seen":"2023-03-14T11:16:11Z","last_seen":"2026-05-28T06:13:53.103688Z","times_seen":72,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/just-validate@4.1.0/dist/just-validate.production.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 10:31:15 GMT","end":"Sun, 23 Nov 2025 11:31:12 GMT"},"fingerprint":{"sha1":"77:EF:87:8D:9A:D6:8C:EF:F9:8F:05:89:BF:F2:6B:C2:CF:78:19:EF","sha256":"3C:23:A9:CF:90:2C:6B:74:27:D0:FC:3B:92:A8:A9:AD:66:5F:B0:D4:DE:28:80:4D:49:D0:4C:22:AE:D2:F3:90"}}},"request":{"raw":"GET /just-validate@4.1.0/dist/just-validate.production.min.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-encoding: gzip\r\ncf-ray: 98856a5bbf2156a5-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 553999\r\ncache-control: public, max-age=31536000\r\nexpires: Fri, 02 Oct 2026 16:00:55 GMT\r\nlast-modified: Thu, 04 Sep 2025 18:07:59 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncontent-digest: sha256=:wIsRsjLOoDtGfUDVsJkNferuBK4d568tTrlMNUS0waU=:\r\ncross-origin-resource-policy: cross-origin\r\nfly-request-id: 01K4AYKYJ8CZHGB7GS0VB37ANW-fra\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]}],"data":{"size":28389,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (28388)","md5":"713352ee6a16034c696a6e2785b92280","sha1":"6289cf9b1f0e775ad3feb36b0fcfe5af301a0e5b","sha256":"c08b11b232cea03b467d40d5b0990d7deaee04ae1de7af2d4eb94c3544b4c1a5","sha512":"8c42085cda5010ff9eb71174f3f5af3f94f276ab1b134241ed70cd37b3c8d7b8efc7a0899e964be8cef88474da2bee314158b86e45a64ecc0294f8dd628de2fa","ssdeep":"768:VkW++Jv/0btODUsl7dMrXfSCiwgRgpZ1UuVvw1CByfDwty0HD/h7PCByCrCagSZi:mCsRXaCiwgRgysnY3gSK6U","tlshash":"0ad2d606267109234dd94ae9e08b9543b3d1375da518a4ccf73dacfb9a8dec630937b2","first_seen":"2025-09-05T11:13:19.031002Z","last_seen":"2026-06-03T16:20:54.432823Z","times_seen":8682,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":6,"dns":0,"connect":1,"send":0,"wait":30,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/img/bg_1.jpg","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/img/bg_1.jpg HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/bundle/348/assets/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: image/jpeg\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115081,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2004x1000, components 3","md5":"a767eae01f3a137698e74616795bf414","sha1":"259151c26471e9801249669b6fcae52360452abe","sha256":"778ac278ca2f9550d873073eaf5fb6cc68e447d3c50095eb7409a20320cfc253","sha512":"2468bc513b9257168320892931a0f64c05503e18dadd6a440055adb5b908f55655fc31e9819573f69985cadd8a2f6c6a61c5d142a72fa2c0a2a756af4586266f","ssdeep":"3072:dvYwQ+BEGTfuyWouy1XkYWw6ReLsl3YxR9V+qZCT6K:dCoECeny1HWwWrlO/nZNK","tlshash":"5fb312275f6e5e58c0bb0af12f712b33e6434da4eadbef0165186a104c0977a7e74842","first_seen":"2023-11-10T23:10:29Z","last_seen":"2026-05-28T06:13:53.111814Z","times_seen":72,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"naruto.su/link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo","fqdn":"naruto.su","domain":"naruto.su","tld":"su"},"ip":{"addr":"79.133.182.51","port":443,"asn":211183,"as":"AdminVPS OOO","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T16:00:47.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"naruto.su","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 Aug 2025 23:39:39 GMT","end":"Tue, 04 Nov 2025 23:39:38 GMT"},"fingerprint":{"sha1":"A0:3D:C5:ED:04:64:AD:E4:D7:46:A1:F0:E6:9B:8A:37:BE:CA:50:36","sha256":"6F:E0:09:27:B4:38:73:03:84:7C:F7:2C:86:07:BB:18:C1:C9:3F:7D:77:E0:4E:5F:3D:EB:50:9E:80:BC:7B:B0"}}},"request":{"raw":"GET /link.ext.php?url=https://tdzebli.com/1/%23s9_Sulo HTTP/1.1\r\nHost: naruto.su\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.26.0\r\nDate: Thu, 02 Oct 2025 16:00:48 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.4.33\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=31536000\r\nSet-Cookie: DCMS_SESSION=18a5bafd6325dcdf5bf089ca2e83b15c; path=/\r\nLocation: https://tdzebli.com/1/#s9_Sulo\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.26.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1756,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T17:55:46.471571Z","times_seen":16085743,"resource_available":true,"data":null}},"time_used":286,"timings":{"blocked":91,"dns":0,"connect":30,"send":0,"wait":104,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/botd/v1","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"18.165.140.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tdzebli.com/1/#s9_Sulo","date":"2025-10-02T16:00:48.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openfpcdn.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Wed, 27 Nov 2024 00:00:00 GMT","end":"Sat, 27 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"DB:8B:1E:08:FC:EE:6F:56:28:0B:74:80:37:E0:DE:69:D3:59:96:8D","sha256":"C1:3F:58:99:2C:D2:A0:B9:C0:DA:6D:01:AE:FD:93:AB:09:79:09:0C:A8:0B:EB:21:23:E9:A8:78:90:96:EE:55"}}},"request":{"raw":"GET /botd/v1 HTTP/1.1\r\nHost: openfpcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tdzebli.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tdzebli.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: CloudFront\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ndate: Thu, 02 Oct 2025 13:39:21 GMT\r\ncache-control: public, max-age=577161, s-maxage=10659\r\netag: W/\"5co2cnhGrt59+8B+iLKwJesMrpA\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2326d893bfe30ed4dc44cb66c9e9ed24.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HEL51-P3\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: JaeXTvd9OPjtCqlMQuv51LnKKvxsILz2srNfwGKW8K-3VyuOXWOshg==\r\nage: 8487\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15196,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (15005)","md5":"234a8c1c15df9b03c65e9e14c82fc872","sha1":"e5ca36727846aede7dfbc07e88b2b025eb0cae90","sha256":"29cb26e06f2a4a877f1134a46480d9b78f8b6e0e6f9b0fe67e34307c312b5a89","sha512":"9aeee4e620de49e0ed303917e9afc1806da0815896bc5feef3add9f89e0429678bfe0d9f0ad3fc940bd8e48f7e235e5c8d23463407c42b6fbc740b50c43a0b53","ssdeep":"384:/yKlnAKXPD899vDMKXExXI7EhgKkVGVXvPGt7MD:hfPD899vDMKHLVGVXvPGNA","tlshash":"bd62a4cef996b07553bb34a1503f2206b2362655745e84a0cf2bc2c16879e5ac23bf6d","first_seen":"2024-04-04T09:37:24Z","last_seen":"2026-06-03T10:45:07.265285Z","times_seen":13443,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":97,"dns":64,"connect":15,"send":0,"wait":15,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/img/noti.png","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/img/noti.png HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/bundle/348/assets/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: image/png\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17225,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 644 x 539, 8-bit colormap, non-interlaced","md5":"04735d5cacdf7b8c0950f0afde5d320d","sha1":"7afe859c49253f8c71077f3a6bc5b3c075918cf9","sha256":"c67bedb275e5c77e33e440e4528a4a48f97c2e9df9e289230d2de7809c598100","sha512":"214f9e27d4c6f4f14cfdb9ae341ebc173d76dd62a40a46be4e2631c6941ddbeed2118816f5d5b745d66be8f8ca37eb206c6b87fb66709a5210650a411b3fcd39","ssdeep":"384:Frg/wqi6aoXGwoCog8iS4eUzNA2dHSfBYwFxv+xPwTJ8WZ:CLi6aoXOBoSMW2wFxv+VwN8k","tlshash":"3672c0f9d48b95dadd1bdaf0168694f8c0dcefe3a3d924af2155083337820ac1b36568","first_seen":"2023-11-10T23:10:29Z","last_seen":"2026-05-28T06:13:53.123114Z","times_seen":72,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/img/bg_2.jpg","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/img/bg_2.jpg HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/bundle/348/assets/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: image/jpeg\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150306,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2004x1000, components 3","md5":"c2f8e913b445d99632e689181bebdaf3","sha1":"61327327d9bd47061d8091c6581fb5a8c0d5d6b9","sha256":"db1a3552ad9ee0252891be2881995560def3caea01f12798619c001fcfac2bdd","sha512":"fa2dd3a45073db0eeda9ba3fd77aa820b3720ab8f3793377e8d107fa8a0de77e5cfd1f26aba2395f4b83be047ca0e7dea74f0c8c1bf665f642b5a82ce72135e0","ssdeep":"3072:1d2WCQc/dFn8NA/N26c47rgvE3f0qAkq33hCQaigzkk:idF8NA/NlXAkka7zL","tlshash":"49e31323aaaa1c47d7134639c51f27e5b7234bf0c980581443d9ab391ea3ca7d7de60d","first_seen":"2023-11-10T23:10:29Z","last_seen":"2026-05-28T06:13:53.10986Z","times_seen":72,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tdzebli.com/favicon.ico","fqdn":"tdzebli.com","domain":"tdzebli.com","tld":"com"},"ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tdzebli.com/1/#s9_Sulo","date":"2025-10-02T16:00:48.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tdzebli.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 13 Aug 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6B:CF:51:C0:07:A6:AB:B1:31:F3:75:5C:9E:6C:A2:90:7E:9C:BB:DD","sha256":"FC:CA:17:A5:17:E6:93:7B:E9:36:BD:D2:95:00:67:38:12:F3:92:28:5A:4E:21:4C:78:B4:08:37:F0:13:0F:FB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tdzebli.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tdzebli.com/1/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Thu, 02 Oct 2025 16:00:48 GMT\r\nServer: Apache/2\r\nContent-Length: 315\r\nKeep-Alive: timeout=2, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server:2","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":315,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"a34ac19f4afae63adc5d2f7bc970c07f","sha1":"a82190fc530c265aa40a045c21770d967f4767b8","sha256":"d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3","sha512":"42e53d96e5961e95b7a984d9c9778a1d3bd8ee0c87b8b3b515fa31f67c2d073c8565afc2f4b962c43668c4efa1e478da9bb0ecffa79479c7e880731bc4c55765","ssdeep":"","tlshash":"b0e0e75f41473347402252907dc110d1d505236b797161fd3d85b4ab501dc3dc99f7dc","first_seen":"2023-03-07T01:02:33Z","last_seen":"2026-06-03T16:36:14.405944Z","times_seen":145751,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/js/jquery.min.js","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/js/jquery.min.js HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators","md5":"a46fb81762396b7bf2020774a2fb4d9e","sha1":"fb5edd7a663dc8dda7ec10815a7cd82a30fc98a7","sha256":"d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d","sha512":"40759595b05808dd911075918bdcc32fb91362019bdfca24827043b8e54116e6ebe7362050ec72182b66481f1dc8d4ec4c8942c984fd597659313d71ad60dc33","ssdeep":"1536:aLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6tv:+kn6x2xe9NK6nC6N","tlshash":"378319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:10:49Z","last_seen":"2026-06-03T12:44:12.698088Z","times_seen":61644,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/img/favicon.png","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/img/favicon.png HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: image/png\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1194,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit colormap, non-interlaced","md5":"e8073cd460e8d7469633099834659549","sha1":"af524b0e7cb82d90a67602109a550380aa8850dc","sha256":"77df391534b58f0024b7e60b35b1b595188436e24735a19e943d0d5a7d3fc33f","sha512":"e332d57d0d77ce8e7dde2e5fa2c92c547c33f01aa5febb2adebe3bc6f1eef3eb18c361c110a1386973c7f9b105ebc9d17d81ffdb60b0a7b6d50d50996a50a060","ssdeep":"","tlshash":"6e21448952a5ae5b016da965282ae9f3087547364282e89100dfa334e527503fa77543","first_seen":"2023-05-15T22:13:29Z","last_seen":"2026-05-28T06:13:53.113867Z","times_seen":272,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tdzebli.com/1/#s9_Sulo","fqdn":"tdzebli.com","domain":"tdzebli.com","tld":"com"},"ip":{"addr":"88.214.27.56","port":443,"asn":209272,"as":"Alviva Holding Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T16:00:48.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"tdzebli.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 13 Aug 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6B:CF:51:C0:07:A6:AB:B1:31:F3:75:5C:9E:6C:A2:90:7E:9C:BB:DD","sha256":"FC:CA:17:A5:17:E6:93:7B:E9:36:BD:D2:95:00:67:38:12:F3:92:28:5A:4E:21:4C:78:B4:08:37:F0:13:0F:FB"}}},"request":{"raw":"GET /1/ HTTP/1.1\r\nHost: tdzebli.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 02 Oct 2025 16:00:48 GMT\r\nServer: Apache/2\r\nUpgrade: h2,h2c\r\nConnection: Upgrade, Keep-Alive\r\nLast-Modified: Tue, 26 Aug 2025 14:41:22 GMT\r\nETag: \"6dc-63d45aa738880-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding,User-Agent\r\nContent-Encoding: gzip\r\nContent-Length: 701\r\nKeep-Alive: timeout=2, max=100\r\nContent-Type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server:2","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1756,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9e59d2085fbd522816ad5070068cdd43","sha1":"1ba814b9d1fdd9a50851cb776bf7b11d1a12d660","sha256":"e8ce51106238701772193096dc28a411356eb152398117fc3a00e56adfa49569","sha512":"6d9ec1064d89a4d1b1129b067a260466cbd2cf8b6d028bf276629456527e5df48a2a45867835ea6fea4ab4edb947fb704c683246b7eeda12a824f48814ffcc08","ssdeep":"","tlshash":"7531535789c9045b6a730139f7b1f3a7f4a225231681f118b09dab3a1ff0e40d863ac8","first_seen":"2025-08-26T14:55:44.850355Z","last_seen":"2025-10-15T18:50:55.962421Z","times_seen":2250,"resource_available":false,"data":null}},"time_used":502,"timings":{"blocked":229,"dns":68,"connect":45,"send":0,"wait":44,"receive":0,"ssl":115},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"tdzebli.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/s/42cf1c2250951","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-02T16:00:49.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /s/42cf1c2250951 HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nset-cookie: s=mrQWKmvTaL9ZON7z0MaL6AicpSn1090fCayvIkuT3Zu9CzHgDExQ0D%2F8V8NRsbiox2qSSHDZNPyP%2FAFsYJ5eeSB%2BNvSRHptb9xe4T6R7DU3l5%2BQqPJrbdS7dL%2FqOKQF4z%2BDDKDraxjuB5JFuANGUvVhx2BQF5w8Q2POn4nYDD%2FpIl%2FRcuBAJ%2BkpLPeIqOKZcPgphGSqmrJYWfBpWsEwEyRDN3sclNBB6sUGLtt2EtVl6RzZXjnqX1dEbCuL99gmEFtI4nZN%2FKgQ%2FD6ygq8SYmK6r0ZwsHfWQVz%2BlU0TE1P5OqiNnoS9ZuXNHMEFNp9vDRfiAu4CJL99QLl%2F2Te20IciB4AnaRbIZrsxqtUvjxnq2pd4VknFfq%2F%2BJ5XWkt8D7fqu6xVod2bKbKNVdIB2vS7jt1vcnQ%2B8ClgRLn2oYkOow98iUOne3pEJ617La04f2VaAWupTt6OylGhfE9t0T2w9S4pg7jfzZOjSND6GUbOovSsCc6U%2F6pWiLoN5wWsq2g%2FgaNLjtezh6zBzlpce5wh4LJUx0NQOxGoTMpXKvX6PYzcvJ9f8HhHsLaspyeJ6zWJUUpQnKgRkNEQyfQ1ogcKV0MJOp3F2qeNpmLRnyU18g%2Fpw3BHWshKmB3Jxs5UE6PGMJDQ%2BAcWP9NNhKPrz6lDcLbGf0WWIgOTsTzNvqZAcKsGvReykXVzfcoAcSRjZOey5GiflS5kpUJbBezT1vGp0KEsoBVrQ2%2FOrhLXCjfUvXB3fWmTInrg34BR9qHff14ZlBisKxEczgCTTtp7%2BUgpaMn1ndBarD3vaLV1tgG7xq6eofj%2BK3ccvALyi0MyZrk206wr1Yl%2FD6R6y27DgCXeYCjdhOqSULM7ShgROuq0E%2BsI9njg6l8jc16PSBSWPFJgSe66QJJ%2F7s5tSQInTiYuUfEmUS8GSPnSZKZr3%2FVMhzGTd89Cdupn8ukgb6A0GhDC9Zwd8GUSzDKB4ehzxC4UvBMWFqbI9OwtogD5SeudVKfOdxP%2BIibehF1MlArDZnZDK5d%2BSKJuFRSl8rOK4theztaYynCQ6ghNiwTGIqcihNllCscW2Aby9o6a6xA7Lm9yP3hyAwn%2FohHFPtq9n8ds2UHklG9PO0D1JVngA%2FJ8r6kREgyghH9VkXKnUVzNrpgmRjQHaab%2B%2BTmvQj41f%2B5Z%2FR9OHAJh%2BupZfo8DoewnQQTdlk%2FGyeMAFkWMlOBmOFmVTb150Inyb24MbhaWlo2IxYcJuczF8PqeMtYjnQR85MySdafRIEgdn0knLBumj9NdAu0K2zNdnO3jF0Bx6dCxwX7QP8xoddycIFtFD%2BplXaghpo8l3YTqpV9pxK67mlHBEKBqnoiUoFHzI2FOgxMxnSO5l9v1DQNf%2Br8bgMc7rgR4f%2F0hn6VIakw1l%2Fk53hC9uKiKLgi%2FnuBAh4al2Vu8egNGnWhM2H%2FE%2B8GnQmM1MQH%2BFzNYqxzBWJGjRXzw2O7t%2Ff%2BjOoBFSTxkCu3IcDS%2BjiRcHOmkz9ONbGQYIhkY%2BIBPv4RMt5nmROBgHidM%2B8YLZjzNYTAp07CHcX6gURP68bpLqYi8lrY3jPGQOun%2FDjE%2FDW%2BZq7FSdDLpJmwnZuRv3DDzTbL9Xz%2BPg4BpNRPalQKR5InlKYWF%2BMsDdqLWEVFEgcxDKU0%2BOYMw7yYXT%2BhqnAHlbimI9PtHVpTpzDjl3EqIqz0tiQcfTIIpfkDiD6mXD5O2Y2zWyNbXQTs%2FB0rgIDBFD7xvRx9oYE4DsxMbRoYBNmcYtAdmTCO7x4HcgxiZiItR4%2B3HbONj0B%2B9RuhwcacrNvLkrJPX35A75t5zH2QPGZPkEXwSduIcyhDWjmx7RuQxx%2FzenX82%2BI5CM1aNPFLAkCReir4QqjjKkqjb3CMUrwPdkX3urWHMSCxUz1LElDCwJyB%2BKEDw0CWgUZU1NTN3SDJm6gPMo7Pcz0UMS2x5GLkRm%2F59piDqz6M3YtWPPvFMc0wJNmkmTk%2B5%2Bs1pexMzvoqoFSeW0%2B9X6QndjPgl4%2B4uv9WevO%2Bk3r3N0y1E0s6QOSlEGiSEH78mSoGvZLSCOWy8XT5wyqda0xCD3Au6%2FIU0wWEUhoeCcsREGhi%2FsoaeJ4J0fZWmjzQb0QR28gVC%2Fc3ScYWqzEgY71lPiaZ8kbnrqXUg%2FBVYrAOb7A8cm2pvCARdcWN2yfrt3nwLWf9I1gZk1pk6vJeCeOdayggFaQRRd68WQR3qAo76BjhE9Mx0PpqPOBL%2B3O4OcsShqwd2YkoM9be0eFxSbweWYUKuRoPWIUkMSlrw0TpZflHwuABsMlTjSdIwVUrPaQAStx3VHbkf3NxLxJZIYbek8XpAYclYPTUUd%2Fl9PgSkJmFVsG%2BNqKMh0f9aw096%2BWwpVNejeZT8HdyVPx5q6FPRdkxqQ%2Folkuc2YW05rLEEl1ldC7ZtEdgx%2BhfbLbZhes4c5%2B1XX7t%2F8ofud5LN4JPVU%2BdkFPAinrheFFkVZP3fNTRDbpLUb5Yclmma0pZQohyWk64ulvUnlv8%2BK0sortarmGOiygQJHohB1PqUxkxLiyxaBLYc0qNLEC4aCK%2FHsUyRatt22yw4GrYLke3dJfxAHPShnm7VTi0NrxMQwyeyUt0%2FURM2Ggnk1JOB1nmrK1zsbzeqd%2BbUioeg5URylhlAN2U8SJ2JeSyUYMNKM1E7zg2gr7dq%2Bd7MzV%2Fl8G6fAMC0cz49u3Ey4jLciX7luEurJb7kV6usvQ64%2BS7b%2B0BOobp1k%2B3rhCg8mhYLAq2FQeZTfl9VrsbOE7LRxEybB%2BO9F7AXWmtCaogf6MgNDcBYkgqd77y7hailwM3Lx96hHYRZLd9CCLmwFFftYXnrSa9LA%2BOlmgkJe0ArECSocLoPga9b6YKgvwuiFEpg5pskUBkx5%2FUFQZK%2F61%2FfOoPCoS5VFH3Z%2BMqDngKJsGa0Kv2kkeqV0ubDXm%2BeCnZX9hCh3hbA%2BM7Ks7h2oxaqY5%2Bolul4o%2FaQTOG6ygheLM2w%2FFHtVUFFHkFI0QwBLCofR7PvT1JYECOaYbRVOgd3s5zeLbYAquYIK3mVG6gPKUPtHBegNO94wHI1tNckKLsHtApmej2A%2FjDFiWmW0AHln1To8mY3R0p7ulIGsviLPFDqRVun17CMpM6aR6gIkgohWpoWye4NBR7fqCRaCmopj9R07eAGQvQxhKQDLKX8uha0kN%2BdOHcQAJzLRP4gPgNcdABGKcmVDWp0NicDv9J%2BdwiSY7DkfopGX%2BZeJJJaavllTHj91vQ%2Fihe76ywgL%2BixAzv0HhAWEo5j6E8V2Q6cpoPCrvE2KtFRju8cttv9G%2F4g0kIdvhCHNxLTFpxgttJM3XWXAHg8ux5g9Y5DOtngGbw5PMs4vAxYVqebs78%2B%2FgQHf6hTNcASNjhGSYlotDh%2FR5GCep2Je6P1GE5Pqbr9%2FWSyM5PDomallG%2FP9deGqxQvpQ9brUdKfkmsLef2mvixwI6Yt5SySVW9s8TacyoNj4j%2F01sKJH6j4OiKAfujyOEDwg7R0W6xi4mQCxgVbUfSrdgzIMCDlF8uTNRY%2FiEOz0SVsLt8X9kLdF6KeMNxDhRs9QuqwmmfGkgnFZtg5GEuWmw9keILh3ym%2F5CChlNClFSc08n81LOl5MQLfOr%2F6iL07jFEoOGH0JdUBV5CZzluAyFqZIRiKVKTiwnyApDod58FyJC1tfzvkbuQtjO72YSgA%2FzbQKQbwwt46x2skcl520YwnUkrREdCayyvj5IxhYxdOh8xaqBcwJjSm3vW3fbrTsfgHpzQTq1l7bzbo0pH2ZISrVb31jVZnlODquVY7w4c8ceOGzOOU4ygpSxWU1BmPTBkAVKJYlgRHJxzjb0OUH9BAvzKLVwS8jSQa%2BKyP96W3%2FCA8Ufi5udEx8PmWdPERxGtfJDqRUj7%2Fs; expires=Fri, 03 Oct 2025 16:00:55 GMT; Max-Age=86400; path=/; domain=flirtosmart.com; secure; SameSite=none\r\ncache-control: must-revalidate, no-cache, no-store, private\r\npragma: no-cache\r\nexpires: 0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":55357,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (30569), with CRLF, LF line terminators","md5":"d572c509b2844644aa9f843f0d8a109f","sha1":"15bc3b2a306d6d257651436aa7469d745ed3fa4a","sha256":"163cd8ff4dbc1371fbbe1f12468031d22a1603db52707f64ae88eabbda4622bf","sha512":"a71cd5ef375f6ab3e2ccab52303257085333a7186f2ad985e80f863a4b88fd0da5610ec3214b7ea1392737c10e818b2c470b282bc3e51f5823f86d8591fc2cfc","ssdeep":"768:aOcz08uPXsBWqAPbBRvB3ACfaYOTQpz0eEdAQHupIGbpnA:xcz08JOVRvB3ACfaYT0eEBHH","tlshash":"08432b5d20d6303a02b361e51a3fe708f5b58a47b50e8400baed4bc91ff5e59d277ba8","first_seen":"2025-10-02T16:01:16.851295Z","last_seen":"2025-10-02T16:01:16.851295Z","times_seen":1,"resource_available":false,"data":null}},"time_used":12026,"timings":{"blocked":5967,"dns":5907,"connect":28,"send":0,"wait":91,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"befjajh.flirtosmart.com/bundle/348/assets/img/tick.svg","fqdn":"befjajh.flirtosmart.com","domain":"flirtosmart.com","tld":"com"},"ip":{"addr":"54.36.62.103","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://befjajh.flirtosmart.com/s/42cf1c2250951","date":"2025-10-02T16:00:55.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flirtosmart.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Sep 2025 15:51:39 GMT","end":"Wed, 03 Dec 2025 15:51:38 GMT"},"fingerprint":{"sha1":"72:A5:5D:EF:6F:72:25:F5:A5:48:90:33:1C:43:68:A2:0B:FA:D1:45","sha256":"AE:EC:CE:D6:07:C0:01:51:F9:F0:94:E6:33:9C:9C:D5:A7:4F:09:F9:9B:7D:12:81:D2:9F:CE:C5:CA:EC:D5:E1"}}},"request":{"raw":"GET /bundle/348/assets/img/tick.svg HTTP/1.1\r\nHost: befjajh.flirtosmart.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://befjajh.flirtosmart.com/s/42cf1c2250951\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 02 Oct 2025 16:00:55 GMT\r\ncontent-type: image/svg+xml\r\nvary: Accept-Encoding\r\ncache-control: max-age=86400, public\r\nx-cache-status: HIT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2242,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bd486619fe9202578a00720dae63d88e","sha1":"420f41b277968a3532d9dd80dc9999faaf8a164c","sha256":"365631d37af39ebb5619905ff1e23f580b4626446ee8f115e075944aa77b1f4a","sha512":"16193ec1b70da93d047e19f9fdd607a3e76a22606a69dd7089e05a638330f49513baf0ae1b184952e66619ce375109c9b1cf724a291f8cc69ec00beb9d357487","ssdeep":"","tlshash":"5a412badad0f6b5c87f4968b3074e249980a2912e7d035dfcf80fda0d8ce99071082e8","first_seen":"2023-11-10T23:10:29Z","last_seen":"2026-05-28T06:13:53.117597Z","times_seen":72,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-02","alert":"Sinkholed","trigger":"befjajh.flirtosmart.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}