{"report_id":"bc26ea38-888e-4b5c-892e-e23810be9bad","version":6,"status":"done","tags":[],"date":"2026-03-26T22:31:30Z","url":{"schema":"http","addr":"urlgoal.com/2tCa8Y/","fqdn":"urlgoal.com","domain":"urlgoal.com","tld":"com"},"ip":{"addr":"172.67.195.180","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"srightt.com/filenamefixer-organize-your-files-with-smart-rules/","fqdn":"srightt.com","domain":"srightt.com","tld":"com"},"title":"srightt.com/filenamefixer-organize-your-files-with-smart-rules/","dom":{"size":15825,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14918)","md5":"4a332aa18c1a80790c4c9dcca8a27c0c","sha1":"3c994642a5673c6070380518c0b83deae4b997c9","sha256":"c9785a121bbab3d6c9958ec083af5e04b693d0ad77906faf2d72e4b8d97ae34c","sha512":"7f6d5b19bac61f0746cd9635b1ab6c8cd283733b3afb999ca390d57fc0b2d65cc8286d108488c6d6ebc99546ea32e3da34c1b6a0837825197e02c8264399debb","ssdeep":"384:4UFcLn7ban3UeH8pjRm+QcGMBJ1iTRe2NpoU:4WcLn7ban3UeH8pj04lJ1iTFF","tlshash":"eb62096867a856ee527c0663137773c0f23a1258682a40b066781caa7277c43f5f6ffd","dom_hash":"domhashe7878feada357c83b98d617f7576c066","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"urlgoal.com/2tCa8Y/","fqdn":"urlgoal.com","domain":"urlgoal.com","tld":"com"},"ip":{"addr":"172.67.195.180","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-30T22:31:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"trk.flowclickeds.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"trk.flowclickeds.com","ip":{"addr":"35.156.137.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2026-03-10","domain_rank":0,"first_seen":"2026-03-20T07:39:07.277459Z","last_seen":"2026-03-20T07:39:07.277459Z","alert_count":1,"request_count":1,"received_data":7191488,"sent_data":601,"comment":"","tags":null,"fingerprints":null},{"fqdn":"download.avgbrowser.com","ip":{"addr":"172.66.168.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-05-15","domain_rank":0,"first_seen":"2025-03-25T21:52:27.400773Z","last_seen":"2026-03-17T23:05:21.041767Z","alert_count":0,"request_count":1,"received_data":7191723,"sent_data":589,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.5.3","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"urlgoal.com","ip":{"addr":"172.67.195.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-05-03","domain_rank":4141008,"first_seen":"2019-03-29T03:47:02Z","last_seen":"2026-03-17T07:27:18.640836Z","alert_count":4,"request_count":1,"received_data":16469,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"media.nebulasyncforge1.cyou","ip":{"addr":"172.67.193.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-12","domain_rank":0,"first_seen":"2026-03-26T22:31:30.523946Z","last_seen":"2026-03-26T22:31:30.523946Z","alert_count":0,"request_count":1,"received_data":16614,"sent_data":544,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"srightt.com","ip":{"addr":"104.21.28.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-27","domain_rank":0,"first_seen":"2026-03-24T08:31:22.390028Z","last_seen":"2026-03-24T08:31:22.390028Z","alert_count":0,"request_count":3,"received_data":7208577,"sent_data":1816,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"jwut.intramac.com","ip":{"addr":"18.193.28.56","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-12-17","domain_rank":0,"first_seen":"2026-02-01T09:44:37.174035Z","last_seen":"2026-03-26T21:12:00.71867Z","alert_count":0,"request_count":2,"received_data":14382987,"sent_data":1261,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"32954e72f8409ce27f4ec5702e311924","sha1":"0d75c053e220a543ff25d9662678be9bcd75c5d6","sha256":"8c1c969fab162248e7cfe13665849322faaee3cd05dbd40066299f422608efa9","sha512":"411599679757bb4fc0ed060c283678d2e29306f1718b26a3173727f67e0d602e54f18c0f6497bd0dac460486d63aff4516d989863ffd5d5c0f6e01d31ce81c0c","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","size":7190704,"url":{"schema":"https","addr":"download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1\u0026cid=9274\u0026source_tag=9fa7e062-64be-420f-b3ad-c0e154bfcda7","fqdn":"download.avgbrowser.com","domain":"avgbrowser.com","tld":"com"},"ip":{"addr":"172.66.168.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":null,"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"srightt.com/filenamefixer-organize-your-files-with-smart-rules/?utm_source=177456426558662830\u0026utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2","fqdn":"srightt.com","domain":"srightt.com","tld":"com"},"ip":{"addr":"104.21.28.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"746ab21fc16b791e5b7335df0009e296","sha1":"a4703d3fe68485d8dafdd317fac2f949de1a7341","sha256":"14973b700c3e7d177ddccb7b0c5099180a94d8b3987e987dafed9327048b77c8","sha512":"71a036422d855cc0108d16c5a8c0ea621370e60c982cf1e786a67a78bfbaa60f4416b260e156a96d5eb7dbd1206f9562db132b3352d36bc7ec00a205cd3eb534","ssdeep":"384:2UFcLn7ban3UeH8pjRm+QcGMBJ1iTRe2NpoM:2WcLn7ban3UeH8pj04lJ1iTFL","tlshash":"aa620968676856ee527c0663137773c0f23a1258682a40b0a6781caa7277c43f5f6ffd","size":15768,"data":"","first_seen":"2026-03-26T22:31:34.616612Z","last_seen":"2026-03-26T22:31:34.616612Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"urlgoal.com/2tCa8Y/","fqdn":"urlgoal.com","domain":"urlgoal.com","tld":"com"},"ip":{"addr":"172.67.195.180","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:05.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"urlgoal.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 12:03:23 GMT","end":"Fri, 08 May 2026 13:01:59 GMT"},"fingerprint":{"sha1":"3A:EC:B0:47:45:DC:E2:30:B1:8B:14:07:91:A1:97:2C:6D:3F:BF:5F","sha256":"87:31:A8:5B:FF:3D:67:84:57:DC:89:74:C9:B6:F3:2C:A8:21:B0:62:53:07:8B:31:B8:7B:50:28:9A:EA:9D:3C"}}},"request":{"raw":"GET /2tCa8Y/ HTTP/1.1\r\nHost: urlgoal.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 26 Mar 2026 22:31:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://media.nebulasyncforge1.cyou/bad_link_keyword.zip?c=177456426558662830\u0026s=src2\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vXMOIWgxj6nFGc9JL0y0KWLj168H9su029ifeYiowquX1gfRbQjqBSf3WHlImOAbthyxfI1O%2FYgIPPwotnrg1aXSCkVbnL%2FXcd%2Br2zSfpRwWpnyRb12y4bt%2FkXiW9A%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9e299a8369e9b4eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15827,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":52,"dns":27,"connect":1,"send":0,"wait":100,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"urlgoal.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"media.nebulasyncforge1.cyou/bad_link_keyword.zip?c=177456426558662830\u0026s=src2","fqdn":"media.nebulasyncforge1.cyou","domain":"nebulasyncforge1.cyou","tld":"cyou"},"ip":{"addr":"172.67.193.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:05.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nebulasyncforge1.cyou","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 25 Mar 2026 20:06:46 GMT","end":"Tue, 23 Jun 2026 20:06:45 GMT"},"fingerprint":{"sha1":"33:84:7E:E4:1A:69:9E:86:4A:B4:DF:81:03:2F:CC:0C:7D:10:29:34","sha256":"56:1D:DF:3A:CE:E8:63:E1:56:A7:45:A4:39:EB:5D:C3:7E:C7:D0:87:A5:46:20:93:65:25:79:B5:4B:1F:DE:25"}}},"request":{"raw":"GET /bad_link_keyword.zip?c=177456426558662830\u0026s=src2 HTTP/1.1\r\nHost: media.nebulasyncforge1.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 26 Mar 2026 22:31:05 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nlocation: https://srightt.com/filenamefixer-organize-your-files-with-smart-rules/?utm_source=177456426558662830\u0026utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2\r\nserver: cloudflare\r\nx-powered-by: PHP/8.2.12\r\ncache-control: no-store\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1FW33VDaz%2BZO7AMIrqfiD4ZdxmunW3hRtWlAYiE4UzQhB3Mq03xmf4YPOlg64QTvnPCoN5ROdckEgmnwyUaI53CB5fdiFn%2BHFrMXqcDFhBUaQHcefZ0wYWxLL%2BQEjxD0HrmP3wBKIp%2FOPIDoNGM%3D\"}]}\r\ncf-ray: 9e299a84482932fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.2.12","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":15827,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":38,"dns":21,"connect":1,"send":0,"wait":271,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"srightt.com/favicon.ico","fqdn":"srightt.com","domain":"srightt.com","tld":"com"},"ip":{"addr":"104.21.28.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://srightt.com/filenamefixer-organize-your-files-with-smart-rules/?utm_source=177456426558662830\u0026utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2","date":"2026-03-26T22:31:06.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srightt.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Feb 2026 12:37:12 GMT","end":"Thu, 28 May 2026 12:37:11 GMT"},"fingerprint":{"sha1":"DD:38:57:7F:12:5F:91:70:F0:9A:29:3B:9A:80:8E:44:DC:89:0C:18","sha256":"C0:8C:3C:9D:5D:DF:60:92:9E:0D:6B:DD:D5:81:EC:DE:09:02:83:09:C4:A6:68:0B:44:D4:A5:F2:F6:A6:29:E7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: srightt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://srightt.com/filenamefixer-organize-your-files-with-smart-rules/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Thu, 26 Mar 2026 22:31:06 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GjQ0tRoO1ad8CiBKctLwwdMVeHcvZobzU6QYv1D8wg2z56LsLVVBjOBxtseN3dOqxEke67skHm8%2BvqXRWBykG%2B0fDVOCqRn5jy9jWMKg5azt6abiD5Zy%2FSj%2F5GRfRw%3D%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e299a8a08a056ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-05T06:47:20.473824Z","times_seen":479142,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"srightt.com/filenamefixer-organize-your-files-with-smart-rules/?utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2\u0026utm_source=VbWxe050004000000001008066419","fqdn":"srightt.com","domain":"srightt.com","tld":"com"},"ip":{"addr":"104.21.28.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:07.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srightt.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Feb 2026 12:37:12 GMT","end":"Thu, 28 May 2026 12:37:11 GMT"},"fingerprint":{"sha1":"DD:38:57:7F:12:5F:91:70:F0:9A:29:3B:9A:80:8E:44:DC:89:0C:18","sha256":"C0:8C:3C:9D:5D:DF:60:92:9E:0D:6B:DD:D5:81:EC:DE:09:02:83:09:C4:A6:68:0B:44:D4:A5:F2:F6:A6:29:E7"}}},"request":{"raw":"GET /filenamefixer-organize-your-files-with-smart-rules/?utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2\u0026utm_source=VbWxe050004000000001008066419 HTTP/1.1\r\nHost: srightt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://srightt.com/filenamefixer-organize-your-files-with-smart-rules/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nserver: cloudflare\r\ndate: Thu, 26 Mar 2026 22:31:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\nreferrer-policy: no-referrer\r\nlocation: https://trk.flowclickeds.com/campaign/fa5d1e21-d3cc-425a-bfde-d989acbd7fc5?cost=0.00131\u0026source_id=360847\u0026pid=AKuzxWmPgQUAj44CAE5PFwAMAAAAAAA7\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rx9GSszGOXAxZxW9ZlFFDHneJAbdznQ4WgL4YWI92Y16xXVZA1NA%2FKQx59Z6lgFXDizhuBJRVlpj9XHUuOREmftd3n2UQR5Z5OokQRdbvbL8zge%2B13DCw58%2Fs2uNaA%3D%3D\"}]}\r\ncf-ray: 9e299a8f88d356ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7190704,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jwut.intramac.com/t/clk?id=1GVEcO11sOROVtgVQGHg\u0026s2=d72r7aqv1vrc73bv5t20\u0026s1=10208","fqdn":"jwut.intramac.com","domain":"intramac.com","tld":"com"},"ip":{"addr":"18.193.28.56","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:07.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.wishingclick.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 06 Mar 2026 00:00:00 GMT","end":"Sat, 19 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"19:A3:14:BC:98:03:6F:1D:CA:86:D3:EE:36:A9:7D:C3:8D:A1:44:78","sha256":"97:61:22:37:FD:B3:00:BA:FD:2C:62:D4:19:34:09:A8:FC:20:8D:F2:87:1F:47:52:DC:43:2D:49:A9:56:17:8E"}}},"request":{"raw":"GET /t/clk?id=1GVEcO11sOROVtgVQGHg\u0026s2=d72r7aqv1vrc73bv5t20\u0026s1=10208 HTTP/1.1\r\nHost: jwut.intramac.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 26 Mar 2026 22:31:07 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://jwut.intramac.com/t/clk?id=ojA8C8MMU78kKc94Z1h4\u0026s1=10208\u0026s2=d72r7aqv1vrc73bv5t20\u0026rl=k4j6Y\u0026redirect-from=1GVEcO11sOROVtgVQGHg\u0026rcode=R01\u0026rseq=R01\r\nserver: nginx/1.18.0 (Ubuntu)\r\ncache-control: no-transform\r\nx-frame-options: DENY\r\nvary: Accept-Language, Cookie, Origin\r\ncontent-language: en\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nset-cookie: ydt_ec2909f796694db8a38d0dbcafd0b47f=\"[]:1w5tEJ:cB5jJcWOGNvd7BGj1_Ajs-fcd9fCGrtZXhVg4XmEDZY\"; expires=Sat, 25 Apr 2026 23:31:07 GMT; Max-Age=2595600; Path=/; SameSite=None; Secure\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7190704,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":92,"dns":21,"connect":21,"send":0,"wait":68,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jwut.intramac.com/t/clk?id=ojA8C8MMU78kKc94Z1h4\u0026s1=10208\u0026s2=d72r7aqv1vrc73bv5t20\u0026rl=k4j6Y\u0026redirect-from=1GVEcO11sOROVtgVQGHg\u0026rcode=R01\u0026rseq=R01","fqdn":"jwut.intramac.com","domain":"intramac.com","tld":"com"},"ip":{"addr":"18.193.28.56","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:07.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.wishingclick.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 06 Mar 2026 00:00:00 GMT","end":"Sat, 19 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"19:A3:14:BC:98:03:6F:1D:CA:86:D3:EE:36:A9:7D:C3:8D:A1:44:78","sha256":"97:61:22:37:FD:B3:00:BA:FD:2C:62:D4:19:34:09:A8:FC:20:8D:F2:87:1F:47:52:DC:43:2D:49:A9:56:17:8E"}}},"request":{"raw":"GET /t/clk?id=ojA8C8MMU78kKc94Z1h4\u0026s1=10208\u0026s2=d72r7aqv1vrc73bv5t20\u0026rl=k4j6Y\u0026redirect-from=1GVEcO11sOROVtgVQGHg\u0026rcode=R01\u0026rseq=R01 HTTP/1.1\r\nHost: jwut.intramac.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ydt_ec2909f796694db8a38d0dbcafd0b47f=\"[]:1w5tEJ:cB5jJcWOGNvd7BGj1_Ajs-fcd9fCGrtZXhVg4XmEDZY\"\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 26 Mar 2026 22:31:08 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1\u0026cid=9274\u0026source_tag=9fa7e062-64be-420f-b3ad-c0e154bfcda7\r\nserver: nginx/1.18.0 (Ubuntu)\r\ncache-control: no-transform\r\nx-frame-options: DENY\r\nvary: Accept-Language, Cookie, Origin\r\ncontent-language: en\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\nset-cookie: uip=\"[\\\"NJpOZ4\\\"\\054 {\\\"QYJ65\\\": \\\"0KGRV4O\\\"}]:1w5tEK:hP1W2E9tou4XTLGM0KT-fF90TdboFc6VGlp96nVuwAw\"; expires=Sat, 25 Apr 2026 22:31:08 GMT; Max-Age=2592000; Path=/\nydt_ec2909f796694db8a38d0dbcafd0b47f=\"[\\\"9fa7e062-64be-420f-b3ad-c0e154bfcda7\\\"]:1w5tEK:QV-ELFm6dqyQATVvcCzr_fRm0gQDUqPuHYFyw_k0EDE\"; expires=Sat, 25 Apr 2026 23:31:08 GMT; Max-Age=2595600; Path=/; SameSite=None; Secure\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7190704,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":984,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":984,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"srightt.com/filenamefixer-organize-your-files-with-smart-rules/?utm_source=177456426558662830\u0026utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2","fqdn":"srightt.com","domain":"srightt.com","tld":"com"},"ip":{"addr":"104.21.28.65","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:05.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"srightt.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Feb 2026 12:37:12 GMT","end":"Thu, 28 May 2026 12:37:11 GMT"},"fingerprint":{"sha1":"DD:38:57:7F:12:5F:91:70:F0:9A:29:3B:9A:80:8E:44:DC:89:0C:18","sha256":"C0:8C:3C:9D:5D:DF:60:92:9E:0D:6B:DD:D5:81:EC:DE:09:02:83:09:C4:A6:68:0B:44:D4:A5:F2:F6:A6:29:E7"}}},"request":{"raw":"GET /filenamefixer-organize-your-files-with-smart-rules/?utm_source=177456426558662830\u0026utm_term=bad_link_keyword.zip\u0026utm_content=9\u0026utm_medium=src2 HTTP/1.1\r\nHost: srightt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Mar 2026 22:31:06 GMT\r\ncontent-type: text/html;charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m%2BUWpWEzu1kyRIhyG%2F8eJ3EMl%2BwUV3puUrOfRSMo8wvfRNM0r3lPa2qTfNgSNBf%2BbdgKapJD7D9gBdwnI7bUh5RrX8z45v9k2qutOIeIBkOF%2FA7UTEOZ2WdFEHOkVA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9e299a86592976ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15827,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14918)","md5":"3fecb921ad30b144eec8cb387fa78643","sha1":"1de3105fa8522aaade7b59c52e321ba4a2fa7c74","sha256":"2f0e077ae57cdd266df2a037d2943d4ff7cf6392a7e3b168315f1278727cc3e6","sha512":"b4d3e125b65af86de4999a55f5dfbe7596b7e7322c76000d9c3f535720a07a9c1085398e9eb556775a7bc1810edf0849f3d1cf9154845702db9629eab11e88ea","ssdeep":"384:cUFcLn7ban3UeH8pjRm+QcGMBJ1iTRe2Npop:cWcLn7ban3UeH8pj04lJ1iTFa","tlshash":"ab62096867a856ee527c0663137773c0f23a1258682a40b066781caa7277c43f5f6ffd","first_seen":"2026-03-26T22:31:34.612855Z","last_seen":"2026-03-26T22:31:34.612855Z","times_seen":1,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":52,"dns":36,"connect":1,"send":0,"wait":63,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trk.flowclickeds.com/campaign/fa5d1e21-d3cc-425a-bfde-d989acbd7fc5?cost=0.00131\u0026source_id=360847\u0026pid=AKuzxWmPgQUAj44CAE5PFwAMAAAAAAA7","fqdn":"trk.flowclickeds.com","domain":"flowclickeds.com","tld":"com"},"ip":{"addr":"35.156.137.7","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:07.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trk.flowclickeds.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Mar 2026 16:50:46 GMT","end":"Mon, 08 Jun 2026 16:50:45 GMT"},"fingerprint":{"sha1":"55:CC:83:72:FE:05:4B:32:52:41:CC:1A:45:7A:07:0D:71:83:02:0A","sha256":"B1:09:85:A7:F6:28:0F:93:CA:61:DE:AD:2C:CE:66:26:82:04:B8:98:A4:3C:81:40:0C:CA:BF:6C:AB:6D:A0:AE"}}},"request":{"raw":"GET /campaign/fa5d1e21-d3cc-425a-bfde-d989acbd7fc5?cost=0.00131\u0026source_id=360847\u0026pid=AKuzxWmPgQUAj44CAE5PFwAMAAAAAAA7 HTTP/1.1\r\nHost: trk.flowclickeds.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\naccess-control-allow-headers: Authorization, Origin, Content-Type, Accept\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\naccess-control-allow-origin: *\r\nallow: POST, GET, OPTIONS\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0\r\ncontent-type: application/json\r\nlocation: https://jwut.intramac.com/t/clk?id=1GVEcO11sOROVtgVQGHg\u0026s2=d72r7aqv1vrc73bv5t20\u0026s1=10208\r\nset-cookie: skro-visited-cpid-fa5d1e21-d3cc-425a-bfde-d989acbd7fc5=1; Path=/; Domain=trk.flowclickeds.com; Max-Age=86400; HttpOnly; Secure; SameSite=None\nskro-last-clicked-id=d72r7aqv1vrc73bv5t20; Path=/; Domain=trk.flowclickeds.com; Max-Age=86400; HttpOnly; Secure; SameSite=None\r\ncontent-length: 0\r\ndate: Thu, 26 Mar 2026 22:31:07 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":7190704,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T06:47:06.202855Z","times_seen":13363998,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":129,"dns":70,"connect":23,"send":0,"wait":24,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-26","alert":"Sinkholed","trigger":"trk.flowclickeds.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"download.avgbrowser.com/avg/avg_secure_browser_setup.exe?nouac=1\u0026cid=9274\u0026source_tag=9fa7e062-64be-420f-b3ad-c0e154bfcda7","fqdn":"download.avgbrowser.com","domain":"avgbrowser.com","tld":"com"},"ip":{"addr":"172.66.168.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-26T22:31:08.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"avgbrowser.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 31 Jan 2026 21:47:57 GMT","end":"Fri, 01 May 2026 22:47:40 GMT"},"fingerprint":{"sha1":"9D:EA:0E:69:D8:0E:2E:49:FD:93:33:F9:B6:C8:9A:B9:5D:EC:DC:85","sha256":"85:2F:99:5B:F8:7E:C0:70:DD:9E:51:1D:10:67:6A:CE:F1:64:3A:63:63:4F:66:1D:BF:AE:7F:B7:86:31:BC:90"}}},"request":{"raw":"GET /avg/avg_secure_browser_setup.exe?nouac=1\u0026cid=9274\u0026source_tag=9fa7e062-64be-420f-b3ad-c0e154bfcda7 HTTP/1.1\r\nHost: download.avgbrowser.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Mar 2026 22:31:09 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 7190704\r\nserver: cloudflare\r\nx-powered-by: PHP/8.5.3\r\nset-cookie: nouac=1; expires=Fri, 27 Mar 2026 22:31:09 GMT; Max-Age=86400; path=/; domain=avgbrowser.com\nsource_tag=9fa7e062-64be-420f-b3ad-c0e154bfcda7; expires=Fri, 27 Mar 2026 22:31:09 GMT; Max-Age=86400; path=/; domain=avgbrowser.com\ncampaign_id=9274; expires=Fri, 27 Mar 2026 22:31:09 GMT; Max-Age=86400; path=/; domain=avgbrowser.com\nuser_id=aa4ae2b9c0c64fa4960f781186c87364; expires=Tue, 19 Jan 2038 03:14:07 GMT; Max-Age=372919378; path=/; domain=avgbrowser.com\r\npragma: public\r\nexpires: -1\r\ncache-control: public, must-revalidate, post-check=0, pre-check=0\r\ncontent-disposition: attachment; filename=\"avg_secure_browser_setup.exe\"\r\nlast-modified: Thu, 26 Mar 2026 22:31:09 GMT\r\netag: d7a6c52ca5b9ddaaabe793870dcf02fa\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9e299a994bdab4fd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.5.3","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":7190704,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections","md5":"32954e72f8409ce27f4ec5702e311924","sha1":"0d75c053e220a543ff25d9662678be9bcd75c5d6","sha256":"8c1c969fab162248e7cfe13665849322faaee3cd05dbd40066299f422608efa9","sha512":"411599679757bb4fc0ed060c283678d2e29306f1718b26a3173727f67e0d602e54f18c0f6497bd0dac460486d63aff4516d989863ffd5d5c0f6e01d31ce81c0c","ssdeep":"24576:Nf73aYy/j0mA3tMEjhRXZEVix1cNBEX8tRT:N2Yy/jJQhRXBxKWX83","tlshash":"3625231463a9c4f7d93b44b459d22ee29e35ce2024e43b4a6325385cbcf60e3f89e9d5","first_seen":"2026-03-07T11:14:22.149076Z","last_seen":"2026-03-29T05:09:08.315003Z","times_seen":13,"resource_available":true,"data":null}},"time_used":1486,"timings":{"blocked":42,"dns":22,"connect":1,"send":0,"wait":210,"receive":1190,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}