{"report_id":"bc99ccbd-ac4b-4fac-a3ae-5d01963f0330","version":6,"status":"done","tags":[],"date":"2026-02-24T14:15:43Z","url":{"schema":"http","addr":"cntohhh.fstval-rmdhan26.com","fqdn":"cntohhh.fstval-rmdhan26.com","domain":"fstval-rmdhan26.com","tld":"com"},"ip":{"addr":"172.67.176.7","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cntohhh.fstval-rmdhan26.com/","fqdn":"cntohhh.fstval-rmdhan26.com","domain":"fstval-rmdhan26.com","tld":"com"},"title":"𝗞𝘂𝗽𝗼𝗻 𝗨𝗻𝗱𝗶𝗮𝗻 | 𝗕𝗮𝗻𝗸 𝗕𝗥𝗜","dom":{"size":10350,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (339)","md5":"395bbd2bc4f3be3de3f6e04a12183bd6","sha1":"4184710630f9f62d7e5f099bc140a3fa726c2837","sha256":"11a00649586ac374b22088d0c246e1debf11bb0dca7005ba6f436495ce81c8e8","sha512":"9f8cf343293279d87bd5f9af8a44bd1a038d7a524e94a77924155bb66b295fba6c6f825decb65deb0b2b91244c3a6ddb95c760884695518d21395412a214fb4f","ssdeep":"96:n8EoWhAIzAJbJXugxkqaNARioMe2WZeeHUH8i/nMxwr6mFEEM:8xUAGsbJXPTMe2WZeeen/nMQnU","tlshash":"7e224f5635f6a10221337c381ba7bd2c2d7a705b340c9918795e2ad00fdaf51c6b7b6e","dom_hash":"domhash4d4bcecb29a1d9000d164a062d3476ab","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cntohhh.fstval-rmdhan26.com","fqdn":"cntohhh.fstval-rmdhan26.com","domain":"fstval-rmdhan26.com","tld":"com"},"ip":{"addr":"172.67.176.7","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-31T14:15:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"blogger.googleusercontent.com","ip":{"addr":"172.217.21.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-11-17","domain_rank":4332,"first_seen":"2012-05-25T17:41:01Z","last_seen":"2026-02-23T04:59:34.946466Z","alert_count":0,"request_count":2,"received_data":155003,"sent_data":1397,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cntohhh.fstval-rmdhan26.com","ip":{"addr":"104.21.64.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-08","domain_rank":0,"first_seen":"2026-02-24T14:15:43.237076Z","last_seen":"2026-02-24T14:15:43.237076Z","alert_count":9,"request_count":3,"received_data":141393,"sent_data":1410,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-02-22T22:27:51.54973Z","alert_count":0,"request_count":1,"received_data":1777,"sent_data":474,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipe73s-3CcYv1XXmiOtnfFSKYbs7EFK5AJb1P4Jj-6LiXpr7qbbsnoHWxM-MG6cHMlkZu6V342OuENy8Evo_MoLlFzmub-d7VFYcBycMykKax6G8XaoMGi_IhqDZzVm9Sv05nTWxEDe82lnuwS4ln0HnG6VE0sGqhO70WQflrIt5RuY8lZIDftN9qwk4Q/s1080/AddText_10-22-11.27.23.jpg","fqdn":"blogger.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"172.217.21.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cntohhh.fstval-rmdhan26.com/","date":"2026-02-24T14:15:15.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:50 GMT","end":"Mon, 20 Apr 2026 08:40:49 GMT"},"fingerprint":{"sha1":"95:A9:86:49:F3:E0:E3:F9:36:BC:EC:4E:BF:FB:C5:AE:E2:1C:8D:04","sha256":"B6:B9:D6:54:FE:79:1C:50:57:A2:7B:55:2A:3D:2C:2B:A3:91:C5:B7:3D:65:94:38:4F:69:5E:EF:03:1B:9C:8F"}}},"request":{"raw":"GET /img/b/R29vZ2xl/AVvXsEipe73s-3CcYv1XXmiOtnfFSKYbs7EFK5AJb1P4Jj-6LiXpr7qbbsnoHWxM-MG6cHMlkZu6V342OuENy8Evo_MoLlFzmub-d7VFYcBycMykKax6G8XaoMGi_IhqDZzVm9Sv05nTWxEDe82lnuwS4ln0HnG6VE0sGqhO70WQflrIt5RuY8lZIDftN9qwk4Q/s1080/AddText_10-22-11.27.23.jpg HTTP/1.1\r\nHost: blogger.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cntohhh.fstval-rmdhan26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\nvary: Origin\r\naccess-control-expose-headers: Content-Length\r\netag: \"vaaf\"\r\nexpires: Wed, 25 Feb 2026 14:15:16 GMT\r\ncache-control: public, max-age=86400, no-transform\r\ncontent-disposition: inline;filename=\"AddText_10-22-11.27.23.jpg\"\r\nx-content-type-options: nosniff\r\ndate: Tue, 24 Feb 2026 14:15:16 GMT\r\nserver: fife\r\ncontent-length: 150301\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":150301,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, software=Google], baseline, precision 8, 1080x1080, components 3","md5":"918242093623a7d220050510f5bd05fb","sha1":"0731cf8660ca836c1e49b722594dc38a5e4263c2","sha256":"60a46b2a53c9634440ed033079aec9dafe9add115836a8c6684ea7948e9cdc21","sha512":"a22effa1d1c5ff129f40190bf28afd37beb0b51318ae3c6948f43a750c0f0aefae0a639e4cce9f2a04a3df228acea07846c4b793452dc853f9a765540e56742a","ssdeep":"3072:Ge3WYT1mrlhzdLUEic1zjV1amqRdgkUp7uDFxT4mqtkrS:REr1UEicpV1amW15LcmLrS","tlshash":"71e312ac440fe9beec1f8eb08e71f925367c92d9a150e43d69f2478cc75a1b8262dd44","first_seen":"2024-12-05T16:36:35.757249Z","last_seen":"2026-02-27T17:13:50.555179Z","times_seen":24,"resource_available":false,"data":null}},"time_used":759,"timings":{"blocked":-1,"dns":25,"connect":8,"send":0,"wait":582,"receive":56,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgO_KJKoiNoIOuh2awDawBIzbhPGD8ZE4TQ2Lzyo2PyR4INOQozVU1zIwCJXeS3T_ZhCnXxdoYusOrUPXuuMF1k-9P3jpaV1SLE9L0WQrdMN72HbXyIc0uDJOF04L_GChyphenhyphenUilXS-nc35hyJaBkonxSZr14jTnIWJE8MXDHo_-G5nfONdgw9zPpI1CPwFhs/s100/AddText_10-22-11.27.51.jpg","fqdn":"blogger.googleusercontent.com","domain":"googleusercontent.com","tld":"com"},"ip":{"addr":"172.217.21.161","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cntohhh.fstval-rmdhan26.com/","date":"2026-02-24T14:15:15.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.googleusercontent.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:50 GMT","end":"Mon, 20 Apr 2026 08:40:49 GMT"},"fingerprint":{"sha1":"95:A9:86:49:F3:E0:E3:F9:36:BC:EC:4E:BF:FB:C5:AE:E2:1C:8D:04","sha256":"B6:B9:D6:54:FE:79:1C:50:57:A2:7B:55:2A:3D:2C:2B:A3:91:C5:B7:3D:65:94:38:4F:69:5E:EF:03:1B:9C:8F"}}},"request":{"raw":"GET /img/b/R29vZ2xl/AVvXsEgO_KJKoiNoIOuh2awDawBIzbhPGD8ZE4TQ2Lzyo2PyR4INOQozVU1zIwCJXeS3T_ZhCnXxdoYusOrUPXuuMF1k-9P3jpaV1SLE9L0WQrdMN72HbXyIc0uDJOF04L_GChyphenhyphenUilXS-nc35hyJaBkonxSZr14jTnIWJE8MXDHo_-G5nfONdgw9zPpI1CPwFhs/s100/AddText_10-22-11.27.51.jpg HTTP/1.1\r\nHost: blogger.googleusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cntohhh.fstval-rmdhan26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\nvary: Origin\r\naccess-control-expose-headers: Content-Length\r\netag: \"vab0\"\r\nexpires: Wed, 25 Feb 2026 14:15:16 GMT\r\ncache-control: public, max-age=86400, no-transform\r\ncontent-disposition: inline;filename=\"AddText_10-22-11.27.51.jpg\"\r\nx-content-type-options: nosniff\r\ndate: Tue, 24 Feb 2026 14:15:16 GMT\r\nserver: fife\r\ncontent-length: 3738\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3738,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 100x100, components 3","md5":"a730a5113ae4fa3cd5a63546318d6c5c","sha1":"772c0a09ef036bbaae59e32613a823f9071b5d52","sha256":"762e7844f1ddfd32487a2f8d2496fc83ddc01e6575c3990cd196329941d07976","sha512":"ad556f949f32ea8efd8285234f4e1e91cc2d2f66c1565328f4b176192caab504bfc51201504a014d658e42fa6d2b05dc2974c7c94e9cc155713a677024f9b0d1","ssdeep":"","tlshash":"57717d557e09f43fdf6eb03c62014356b8239cf4a63de941c4ef52c367126c8494a762","first_seen":"2024-12-05T16:36:35.754876Z","last_seen":"2026-02-27T17:13:50.556194Z","times_seen":24,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":-1,"dns":25,"connect":21,"send":0,"wait":393,"receive":1,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cntohhh.fstval-rmdhan26.com/","fqdn":"cntohhh.fstval-rmdhan26.com","domain":"fstval-rmdhan26.com","tld":"com"},"ip":{"addr":"104.21.64.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-24T14:15:15.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fstval-rmdhan26.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:59:31 GMT","end":"Sat, 09 May 2026 17:55:44 GMT"},"fingerprint":{"sha1":"A3:04:0A:C1:F9:76:52:43:30:29:6A:1D:5A:BB:84:C2:6F:8F:8A:84","sha256":"EF:A7:C1:85:FC:C3:74:82:0D:43:AC:1B:DF:C1:85:AB:AC:35:F8:BF:6B:63:E8:2C:FD:F7:D8:14:D4:3C:B6:06"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cntohhh.fstval-rmdhan26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:15:15 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Tue, 17 Feb 2026 14:54:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yPN2Gr%2FspeLKJgA0CEWiCssY71i6%2BPcoZWF4HQhYl%2FQTorCwjH9qUUBWBdxBvF11a4e6bz%2BZE8yL0pP%2FX2Udi9GVN97ojTclzDpSkCC0atgFESRshndm6HPDbQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d2f92f1fd72b27a-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10489,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (341)","md5":"8391eb92aa37c760fc7b3f36017c6e7e","sha1":"fbb2c3c968e0f787898e881dfc3727482723591c","sha256":"5a4a59a3a4ce4bad1a94e299df0616acb038f9c49f620515894ac6a1e2142f67","sha512":"c02004cb90b3bc516450d147e70d7297dd8c0dd2a589fed28cc8ccea78f522337db9d3e9deac30281fdaab2efa6ec4fd01d855c4a2382e8753143a413b4a6f3e","ssdeep":"96:CEb/SukVIEqJbJXupxkqaNvRioMe2WZeeHUH8i/nMxwr6mFEE6:C6TkVZybJKuTMe2WZeeen/nMQni","tlshash":"b722405535f6a10221337c381ba7b92c2d7a719b310c9908795e2ad00fdaf51c7b7bae","first_seen":"2026-02-24T14:15:47.738554Z","last_seen":"2026-02-27T17:13:50.547281Z","times_seen":3,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":53,"dns":16,"connect":8,"send":0,"wait":124,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cntohhh.fstval-rmdhan26.com/","date":"2026-02-24T14:15:15.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/meyer-reset/2.0/reset.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cntohhh.fstval-rmdhan26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 24 Feb 2026 14:15:15 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 333\r\ncf-ray: 9d2f92f41d5e0d2b-ARN\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03f23-305\"\r\nlast-modified: Mon, 04 May 2020 16:13:23 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 481932\r\nexpires: Sun, 14 Feb 2027 14:15:15 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=7iZ3fHtoAS%2FGVnKXMoXIXFxK6JpScOUM8G8ptZ5ZW0TQt91QH1thb%2Fg%2FASjvjVhQKCoqVNESFdomwpMcNSPDEgYh1vEVKSrccwUE8Pd%2BF4QnClYE%2B714mJPCU3zTRHcMG4UXnwOx\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":773,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (773), with no line terminators","md5":"93e42565f156d067f72108759177a957","sha1":"19b2c8de419fbd69c38971ac4923e7636edda182","sha256":"82f1278f66b192a223e306d884f8db595ef3b6d829cc1544807b9bf40019403e","sha512":"3662e40c85350bf0bcf308b7db81c173e4b690b862d3c3cde460de5155550bf055b7ff48cddb1cf5255e55f0355196d8dec1d49434b2457842cc77ebea198f3f","ssdeep":"","tlshash":"ba012078532135d48fb747756704d6a1c0214302980446f8f426c21b9ded07fa8f0fe8","first_seen":"2023-04-06T08:41:04Z","last_seen":"2026-06-08T19:01:18.22306Z","times_seen":2685,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":35,"dns":1,"connect":8,"send":0,"wait":18,"receive":1,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cntohhh.fstval-rmdhan26.com/img/poxx.jpg","fqdn":"cntohhh.fstval-rmdhan26.com","domain":"fstval-rmdhan26.com","tld":"com"},"ip":{"addr":"104.21.64.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cntohhh.fstval-rmdhan26.com/","date":"2026-02-24T14:15:15.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fstval-rmdhan26.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:59:31 GMT","end":"Sat, 09 May 2026 17:55:44 GMT"},"fingerprint":{"sha1":"A3:04:0A:C1:F9:76:52:43:30:29:6A:1D:5A:BB:84:C2:6F:8F:8A:84","sha256":"EF:A7:C1:85:FC:C3:74:82:0D:43:AC:1B:DF:C1:85:AB:AC:35:F8:BF:6B:63:E8:2C:FD:F7:D8:14:D4:3C:B6:06"}}},"request":{"raw":"GET /img/poxx.jpg HTTP/1.1\r\nHost: cntohhh.fstval-rmdhan26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cntohhh.fstval-rmdhan26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 24 Feb 2026 14:15:15 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 17 Feb 2026 14:47:32 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 128649\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/jpeg\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y%2F1xbXraQb7fgMpTbL4NAPw2fuVmB%2Ffs0R8gNBqW5Y4G%2Bsudnr2yVZ1kIRNeVerikEG3Y9KEoIRmOhgq7qt8kEqhatQcD2sMCGNQWgO9vlB24K3%2FnT31JYMB9g%3D%3D\"}]}\r\ncf-ray: 9d2f92f3efee45dd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128649,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 897x1600, components 3","md5":"e345694098b52d69b215079f29bcdf14","sha1":"aca72b5732c75c538cbfe1edc771e58b0e279a4d","sha256":"6fd32b8db971ed81912fae5ad847aff399603ac7c7ca8cedc6457e92e45e751e","sha512":"87c5fa2dad8a9e087443653b8022d7264da4abaa6b722cb884bd340b0e10e53c0a325569472ae593b778488f8b642896c060dc1f9bd940708d9835cfe6b736ec","ssdeep":"3072:wcXuTaPQddIt5nP/1dMkw68++FdeRfk6poC8bYj:NXuT45n4kd8++Yf9f8o","tlshash":"d2c31203b79d0e1ed53f92779c16842dfa0e1d34326648e6dadc93d2992ca748970dce","first_seen":"2026-02-05T14:11:16.079082Z","last_seen":"2026-02-27T17:13:50.552878Z","times_seen":4,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cntohhh.fstval-rmdhan26.com/style.css","fqdn":"cntohhh.fstval-rmdhan26.com","domain":"fstval-rmdhan26.com","tld":"com"},"ip":{"addr":"104.21.64.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cntohhh.fstval-rmdhan26.com/","date":"2026-02-24T14:15:15.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fstval-rmdhan26.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 08 Feb 2026 16:59:31 GMT","end":"Sat, 09 May 2026 17:55:44 GMT"},"fingerprint":{"sha1":"A3:04:0A:C1:F9:76:52:43:30:29:6A:1D:5A:BB:84:C2:6F:8F:8A:84","sha256":"EF:A7:C1:85:FC:C3:74:82:0D:43:AC:1B:DF:C1:85:AB:AC:35:F8:BF:6B:63:E8:2C:FD:F7:D8:14:D4:3C:B6:06"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: cntohhh.fstval-rmdhan26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cntohhh.fstval-rmdhan26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Tue, 24 Feb 2026 14:15:15 GMT\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nY4aE0tK3X9kIGT3locYucQiPKqcoU0IF2M2INQleo2QGlHiCro%2Fx%2FbNzO%2B20My%2FzDAyusYrzEy8E%2F8Nx0D9XE3JeS0yFOjy555aJNxJHZRQ2CnoTg3wr8feqA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d2f92f3efed45dd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T19:45:44.062502Z","times_seen":39320,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-24","alert":"Sinkholed","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-24","alert":"Phishing Block","trigger":"cntohhh.fstval-rmdhan26.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}