{"report_id":"c1c814ec-cbb9-40f2-93f5-d289f98c0dbf","version":6,"status":"done","tags":[],"date":"2026-04-17T23:24:13Z","url":{"schema":"http","addr":"friendsforever.life/","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"15.197.148.33","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"friendsforever.life/lander","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"title":"friendsforever.life/lander","dom":{"size":922,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (776)","md5":"ef86f60338c0a8cccf010fd5c7fde79c","sha1":"e98923207323ea998c84cfcbc443c4361bb91e41","sha256":"85e538d85048d875c6e554ed569231626685cf551f8c83e2503745b2148308d1","sha512":"219f35d9408fa3178d44423ceb3a6f3d30d493663c5eb5784f2e03450a34a3af960022cded3396355105f25d1043131ecd595ec7473c8926bea2a5803eca3232","ssdeep":"","tlshash":"c01100c39c51c22c59b085dc7933fb2ea256901e9d91d880f5f0005969caad34c5a894","dom_hash":"domhash3eda90ef943b5e2e25bb94c9e2b5bdc3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"friendsforever.life/","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"15.197.148.33","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-22T23:24:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:51Z","timestamp":1776468231,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:51.604144+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":114},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":676,\"bytes_toclient\":422,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:52Z","timestamp":1776468232,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:52.370858+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/lander\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://friendsforever.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":753},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1256,\"bytes_toclient\":2129,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.google.com","ip":{"addr":"142.251.150.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2026-04-12T22:38:35.592234Z","alert_count":0,"request_count":1,"received_data":354,"sent_data":445,"comment":"","tags":null,"fingerprints":null},{"fqdn":"img1.wsimg.com","ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"domain_registered":"2008-03-17","domain_rank":58983,"first_seen":"2012-06-20T14:42:31Z","last_seen":"2026-04-12T23:26:03.3649Z","alert_count":0,"request_count":5,"received_data":818508,"sent_data":2315,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"friendsforever.life","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-17T23:24:14.852155Z","last_seen":"2026-04-17T23:24:14.852155Z","alert_count":4,"request_count":4,"received_data":1654,"sent_data":1872,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"csp.secureserver.net","ip":{"addr":"23.44.47.70","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"1998-03-30","domain_rank":62352,"first_seen":"2022-12-18T21:17:09Z","last_seen":"2026-04-13T06:35:53.70754Z","alert_count":0,"request_count":2,"received_data":1016,"sent_data":1122,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"friendsforever.life/","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3effca764b1325dc476a4f275bb79d63","sha1":"83e96d57b2196e7dc7422e373d844941644d29ba","sha256":"6525c7cbcf52f274ffc5cbe01fd43c03fd77e9463d0757999a596776f0d4184b","sha512":"72188e1090ac227d6b67206326ff52924f0a264371024d22b1bed0a83a327e338b4044955da06d6bf02aa691b776990da4fddb1bdfead635696598d67646ad1b","ssdeep":"","tlshash":"20900289b011e5c411fa55265b17ba086063219bca105a4444010861653470f451abca","size":56,"data":"","first_seen":"2025-03-02T07:03:41.445505Z","last_seen":"2026-04-18T02:12:05.51007Z","times_seen":112682,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:51Z","timestamp":1776468231,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:51.604144+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":114},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":676,\"bytes_toclient\":422,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"friendsforever.life/lander","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0101edc617f0c823dd41e318c9d39fc9","sha1":"d6464936a6d2fa4c765c4d92a2771f812ee1898f","sha256":"ac6eaa139076a0142af7792131f998e6fd1805556c5f7174c3bcb149b2fe3aae","sha512":"7571051c857497560db8f9a8e56be6f7f0be0d615326808157a554ce64d07ff1dd67ab9cbb1cd354c42420d95173d076027e7f887e41b31defac0d2b3eb11df5","ssdeep":"","tlshash":"f67000280080000088308aeb320b2a8c322cf0e0a0008b20b230228220c00038c02080","size":25,"data":"","first_seen":"2025-03-02T07:03:41.447619Z","last_seen":"2026-04-18T02:12:05.508994Z","times_seen":43019,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:52Z","timestamp":1776468232,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:52.370858+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/lander\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://friendsforever.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":753},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1256,\"bytes_toclient\":2129,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"friendsforever.life/lander","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4566be3a5ae95b1cc330f895a1bf2265","sha1":"712e5d763efe3bc39da3e99fdd0e13c3a5cbc943","sha256":"b23d5005af4518da7309bbb1f5dc1acf5adf215a3e28e21c59501eedcc7f08e4","sha512":"6b733bf4affdac5ace6d720afe9b8626a6f2a1c9c5c3e93b1a3b51611825398acae79c46a907bcf0cf4aef0e36947655673a5202362eff3741cc5d1fdfda8297","ssdeep":"","tlshash":"e6a00261508050e444fc911533733f17f7a3140524806450d7d0051472dfc27d0043d2","size":63,"data":"","first_seen":"2026-04-16T20:30:26.794154Z","last_seen":"2026-04-18T02:12:05.511076Z","times_seen":53,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:52Z","timestamp":1776468232,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:52.370858+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/lander\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://friendsforever.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":753},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1256,\"bytes_toclient\":2129,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"friendsforever.life/lander","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5d32b0ee8d41b1e47a523df01b25b68","sha1":"ac3178156ab1fd26ac597c73367bed18880c5ce1","sha256":"167d38de22fc467ddbebd2a93ac19cd51bf189e0147c168a07f147ef8da0b609","sha512":"6a53edbf80bb8214232a9c68ce71076f23a0af76870a81219cc32cd31bc08558b2ebcfddeff4b0b86e983b1f1b63d65d82fdf792a0abd816587c4fd0e8688c9a","ssdeep":"","tlshash":"d09002840262480848ea662c0b06aa323730820880f3cce088c0e008320be43628b9c7","size":53,"data":"","first_seen":"2026-04-16T20:30:26.798415Z","last_seen":"2026-04-18T02:12:05.512374Z","times_seen":53,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:52Z","timestamp":1776468232,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:52.370858+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/lander\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://friendsforever.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":753},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1256,\"bytes_toclient\":2129,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/static/js/main.a27b770b.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"eae1bfc216998f47fcefc377111ca1ab","sha1":"69c893ee43461de641036a1eccbc04684eafd434","sha256":"dc7d9b99aa219c405e543b7e8bb70581867cf88386400772a5fe4f083b85f0c1","sha512":"998f561a8e124c3bf2dc420f5e253350ee43b1c9d506dd6e43744282e24811ee35314396c21350816d9204877e8597dff6991166c1ce799ade0845b8fb469262","ssdeep":"12288:hpwc23tWcrQYnT7QYnT1DUk4f0WTI4WugqciqXD5N/ChtzkG:7wndDrQYnT7QYnTZ/CzAG","tlshash":"f1e42bce76e1b0b407e292eac43f6c4fb3686e15d008c561ef7ad9da9469449813bf1c","size":697506,"data":"","first_seen":"2026-04-16T20:30:26.790604Z","last_seen":"2026-04-18T02:12:05.505986Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b309239dc60d45e344f4d49a2c5f041","sha1":"c3f931166c53c402c065d8d63119f1009bb30ccf","sha256":"aed4593b11665f063ca6e5e6184435777c74615f5b5991ccdf4acfb8b08e2431","sha512":"4486905b59f275f398b0ffb6aa63dd92662a12d674861b2464a11797f6d0c322df6504f16dbd7c67b3562a9af55e32f344ee8ebc6b5dea2af869630099341a37","ssdeep":"1536:CzSGh6DmEMRNJHY/vbV4vlzH9UOa3mTM+xLxCLuf:8N9Y/ZE1f","tlshash":"33a3a598f6a1f07142e76165412f010bf379a966b0aed0d4e725e8f4adf84ce8173f29","size":104464,"data":"","first_seen":"2025-10-08T00:41:42.369445Z","last_seen":"2026-04-18T02:12:05.501868Z","times_seen":15626,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/px.js?ch=1\u0026abp=1\u0026gdabp=true","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /parking-lander/px.js?ch=1\u0026abp=1\u0026gdabp=true HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://friendsforever.life/\r\nOrigin: http://friendsforever.life\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: S/O4bJLg6JCGsFCyLH6wEdnq4G4b67cWMAKwGOCK48TmvhiP/K616PLaPZSDwH9iSJO2sTGdgOg=\r\nx-amz-request-id: RBRTDK32DBB2RQ4T\r\nlast-modified: Tue, 07 Apr 2026 22:34:44 GMT\r\netag: \"d41d8cd98f00b204e9800998ecf8427e\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: aEI639EDnqHJerexIgP2nXlslbFN6v.N\r\naccept-ranges: bytes\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=31536000\r\nexpires: Sat, 17 Apr 2027 23:23:52 GMT\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\ncontent-length: 20\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T02:23:12.335842Z","times_seen":13882258,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"friendsforever.life/lander","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-17T23:23:51.803Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /lander HTTP/1.1\r\nHost: friendsforever.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://friendsforever.life/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T02:23:12.335842Z","times_seen":13882258,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":211,"dns":0,"connect":1,"send":0,"wait":0,"receive":0,"ssl":237},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:52Z","timestamp":1776468232,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:52.370858+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/lander\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://friendsforever.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":753},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1256,\"bytes_toclient\":2129,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/static/css/main.0e4ec69f.css","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /parking-lander/static/css/main.0e4ec69f.css HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://friendsforever.life/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: L6RWVR+BTR21kEVVgtKDT/sm3QRPaNKqHvnxQ1VC62W0GYAEHCDYKCDP1Cns29O4ITUvccQPvHs/pWHlXb7yg1j6WqdN2iky\r\nx-amz-request-id: 9JW5013D2QSXD5TW\r\nlast-modified: Tue, 07 Apr 2026 22:34:42 GMT\r\netag: \"d3133b6075a3f2271be9f0c674c92fef\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: Vi69Eu.1huZ2qHuJKDkRVnZanr1mPZmW\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=31536000\r\nexpires: Sat, 17 Apr 2027 23:23:52 GMT\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\ncontent-length: 3202\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":13338,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13293)","md5":"d3133b6075a3f2271be9f0c674c92fef","sha1":"455e67225e311feecf5e2f5187bddfd9e915ea14","sha256":"65c0becdb57a857269cf8c31c0a9147c6a820f9679d48a648a75c145f1e1a0d9","sha512":"5ca0b8f94bbad4f9f4ff42d0b984352a9804d81b2b747273defb88ba1f45d3645db0527c96a34ae459e27bfe42b31399559d9527d54aca8b17c8c8c90f8fa184","ssdeep":"384:v9HfffU8GKbmB9aLNLi6qjUYyQyl/B1nXSxHqUqCtC/0rtYYlO:v9HfffU8GKbmB9aLNLi6qjUYyQylvnUK","tlshash":"355298521d56113ee0378024d9f2e75d906af056d2afa7f5d836232f86df082f27aa4c","first_seen":"2026-04-02T20:52:40.390342Z","last_seen":"2026-04-17T23:45:12.473262Z","times_seen":1125,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":35,"dns":19,"connect":3,"send":0,"wait":5,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/px.js?ch=2\u0026abp=2\u0026gdabp=true","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /parking-lander/px.js?ch=2\u0026abp=2\u0026gdabp=true HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://friendsforever.life/\r\nOrigin: http://friendsforever.life\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: VFrRx0ex0BA0ol1LETZ1ECB/Kc41P96vXlBihgvXAdc+8F3pEYaZi/Q2Z9w+ppJNo0vIQI+9lgM=\r\nx-amz-request-id: RBRYGW5ETCGY8HPH\r\nlast-modified: Tue, 07 Apr 2026 22:34:44 GMT\r\netag: \"d41d8cd98f00b204e9800998ecf8427e\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: aEI639EDnqHJerexIgP2nXlslbFN6v.N\r\naccept-ranges: bytes\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=31536000\r\nexpires: Sat, 17 Apr 2027 23:23:52 GMT\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\ncontent-length: 20\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T02:23:12.335842Z","times_seen":13882258,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"csp.secureserver.net/eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3","fqdn":"csp.secureserver.net","domain":"secureserver.net","tld":"net"},"ip":{"addr":"23.44.47.70","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.secureserver.net","organization":"Special Domain Services, LLC"},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 23 Oct 2025 00:07:48 GMT","end":"Tue, 24 Nov 2026 00:07:48 GMT"},"fingerprint":{"sha1":"0C:85:75:97:2A:6F:2B:92:48:28:1A:FB:30:8A:C4:98:A7:9E:26:CE","sha256":"2F:4B:65:33:11:10:9D:A1:94:4B:5A:5D:40:E6:63:70:B6:7E:1A:7F:E7:90:E4:E8:F4:4A:37:2E:94:17:64:AB"}}},"request":{"raw":"POST /eventbus/web?clientid=b18ef4f046435b64a469b32c3c1c20a3 HTTP/1.1\r\nHost: csp.secureserver.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1024\r\nOrigin: http://friendsforever.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://friendsforever.life/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1024,"data":"{\"schemaId\":\"urn:shared:user:events:/v1\",\"data\":[{\"global\":{\"traceId\":\"19e8b9cae542461aa45fb6e4806f48aa\",\"client\":{\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"sdk\":{\"name\":\"scc-c2\",\"version\":\"1.3.0\"},\"device\":{\"viewportWidth\":1280,\"viewportHeight\":1024,\"screenResolutionWidth\":1280,\"screenResolutionHeight\":1024}},\"page\":{\"traceId\":\"19e8b9cae542461aa45fb6e4806f48aa\",\"host\":\"friendsforever.life\",\"path\":\"/lander\",\"location\":\"http://friendsforever.life/lander\",\"referrer\":\"http://friendsforever.life/\",\"sessionPageViewCount\":0},\"context\":{\"userType\":\"c2\",\"visitorId\":\"d9454660-fe57-413d-8896-36732a132ef1\",\"sessionId\":\"d9454660-fe57-413d-8896-36732a132ef1\"}},\"events\":[{\"schemaId\":\"urn:shared:user:event:/data-platform/signals/page-view/v1\",\"data\":{\"eventCreationTimestamp\":\"2026-04-17T23:23:52.732Z\",\"forensics\":{\"traceIdAdopted\":false},\"traffic\":{\"pageLevelProperties\":{\"ap\":\"parking\"},\"customProperties\":{}},\"producerEventId\":\"46c3a14d-a0de-4ef9-af4c-23986c2b01f1\"}}]}]}"}},"response":{"raw":"HTTP/1.1 202 Accepted\r\nContent-Type: application/json\r\nContent-Length: 2\r\nAccess-Control-Allow-Origin: *\r\nx-bus-trace-id: 115463275602579868849845882145061657760\r\nx-envoy-upstream-service-time: 87\r\nx-error-info: 0\r\nx-request-id: 284930d9-2900-495e-8d9a-9f21cb55a34f\r\nExpires: Fri, 17 Apr 2026 23:23:53 GMT\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nDate: Fri, 17 Apr 2026 23:23:53 GMT\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=86400 ; includeSubDomains ; preload\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-04-18T02:20:18.763047Z","times_seen":582818,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":34,"dns":20,"connect":1,"send":0,"wait":176,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"friendsforever.life/","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-17T23:23:51.141Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: friendsforever.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T02:23:12.335842Z","times_seen":13882258,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":34,"connect":1,"send":0,"wait":0,"receive":0,"ssl":208},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:51Z","timestamp":1776468231,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:51.604144+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":114},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":676,\"bytes_toclient\":422,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"friendsforever.life/lander","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-17T23:23:52.261Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /lander HTTP/1.1\r\nHost: friendsforever.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://friendsforever.life/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncache-control: private, max-age=86400\r\ncontent-type: text/html\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\nserver: openresty\r\nset-cookie: traffic_target=gd; Path=/; Max-Age=86400\ncaf_ipaddr=91.90.42.154; Path=/; Max-Age=86400\ncountry=NO; Path=/; Max-Age=86400\ncity=\"Oslo\"; Path=/; Max-Age=86400\nlander_type=parkweb; Path=/; Max-Age=86400\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJRmzcpTevQqkWn6dJuX/N/Hxl7YxbOwy8+73ijqYSQEN+WGxrruAKtZtliWC86+ewQ0msW1W8psOFL/b00zWqsCAwEAAQ_GqecLDBw8HbtmoIWdCMrR5agyfZ70xT7c4s5rUnnyDnzDiuoBe2b8fLYmCSYBytJ6tfH/7ND/6YrQfhukfxY7A\r\nx-content-type-options: nosniff\r\ntransfer-encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":795,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (794)","md5":"f2dcdbdd34c45a9c52fa940b3b47fcee","sha1":"f63462d13a66e224ceb39ece238a6e2c5be5f65b","sha256":"4482678d9e60f37ca133eac81c30ac45d7e58ea3a77d4fe642d93fb3e1a58a4f","sha512":"960e218b1c3b0f51f6981e6586a8d2daefd43f08dc0832843b4aa63347486bb0f731aebc7ff818e46fba5da92901354f8cc32ae2f9340b92933cfb924eeda212","ssdeep":"","tlshash":"1c01bdd29c51c61c0ab0869d7933fb2ea116e01addd2e881e9e0002669dabd34c5ac90","first_seen":"2026-04-16T20:30:26.787732Z","last_seen":"2026-04-18T02:12:05.49787Z","times_seen":46,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":110,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:52Z","timestamp":1776468232,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:52.370858+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/lander\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://friendsforever.life/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":753},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":6,\"bytes_toserver\":1256,\"bytes_toclient\":2129,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /signals/js/clients/scc-c2/scc-c2.min.js HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://friendsforever.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: sZHtSt/BAcaTNUdoxqmqc/sqQ4Q9S534Aven84WQkdXv1JYienXoeInBXkfA1kgn9Ov1XGgZSms=\r\nx-amz-request-id: P8Z2VKH8KJY1TRQV\r\nlast-modified: Thu, 19 Feb 2026 18:11:28 GMT\r\netag: \"6b309239dc60d45e344f4d49a2c5f041\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-version: 1.3.0\r\nx-amz-version-id: 5rz5mfani0A4Sx2XrwmZgSvEFZ7uFBOZ\r\naccept-ranges: bytes\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 21133\r\ncache-control: max-age=1800\r\nexpires: Fri, 17 Apr 2026 23:53:52 GMT\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":104464,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6b309239dc60d45e344f4d49a2c5f041","sha1":"c3f931166c53c402c065d8d63119f1009bb30ccf","sha256":"aed4593b11665f063ca6e5e6184435777c74615f5b5991ccdf4acfb8b08e2431","sha512":"4486905b59f275f398b0ffb6aa63dd92662a12d674861b2464a11797f6d0c322df6504f16dbd7c67b3562a9af55e32f344ee8ebc6b5dea2af869630099341a37","ssdeep":"1536:CzSGh6DmEMRNJHY/vbV4vlzH9UOa3mTM+xLxCLuf:8N9Y/ZE1f","tlshash":"33a3a598f6a1f07142e76165412f010bf379a966b0aed0d4e725e8f4adf84ce8173f29","first_seen":"2025-10-08T00:41:42.369445Z","last_seen":"2026-04-18T02:12:05.501868Z","times_seen":15626,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":10,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.wsimg.com/parking-lander/static/js/main.a27b770b.js","fqdn":"img1.wsimg.com","domain":"wsimg.com","tld":"com"},"ip":{"addr":"2.22.225.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wsimg.com","organization":""},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Fri, 05 Sep 2025 18:24:05 GMT","end":"Wed, 07 Oct 2026 18:24:05 GMT"},"fingerprint":{"sha1":"0E:95:B5:3C:BC:57:5B:29:44:36:31:82:4A:13:83:C0:BB:C6:51:2D","sha256":"2E:41:DD:15:BE:3D:3A:3A:29:F0:65:E6:52:EC:88:54:C4:60:01:9E:68:96:30:F3:2A:31:D9:A1:95:CA:69:24"}}},"request":{"raw":"GET /parking-lander/static/js/main.a27b770b.js HTTP/1.1\r\nHost: img1.wsimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://friendsforever.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: vRTYcRFlc9E9G/aGLIeB2Xw3ufj31p/wV4QW8GerJjXl0D8pIF5ZojQL3k0RtzMn6TgfOGybPLfs/SHb3lFA0J030CizYkUJ\r\nx-amz-request-id: 0J2DZDNWA24YZNQP\r\nlast-modified: Thu, 16 Apr 2026 19:03:01 GMT\r\netag: \"eae1bfc216998f47fcefc377111ca1ab\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: R6CfaQMXo7cxXsFuWMueJ25RJdwz9qEm\r\naccept-ranges: bytes\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=31536000\r\nexpires: Sat, 17 Apr 2027 23:23:52 GMT\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\ncontent-length: 183167\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":697506,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"eae1bfc216998f47fcefc377111ca1ab","sha1":"69c893ee43461de641036a1eccbc04684eafd434","sha256":"dc7d9b99aa219c405e543b7e8bb70581867cf88386400772a5fe4f083b85f0c1","sha512":"998f561a8e124c3bf2dc420f5e253350ee43b1c9d506dd6e43744282e24811ee35314396c21350816d9204877e8597dff6991166c1ce799ade0845b8fb469262","ssdeep":"12288:hpwc23tWcrQYnT7QYnT1DUk4f0WTI4WugqciqXD5N/ChtzkG:7wndDrQYnT7QYnTZ/CzAG","tlshash":"f1e42bce76e1b0b407e292eac43f6c4fb3686e15d008c561ef7ad9da9469449813bf1c","first_seen":"2026-04-16T20:30:26.790604Z","last_seen":"2026-04-18T02:12:05.505986Z","times_seen":53,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":34,"dns":20,"connect":3,"send":0,"wait":5,"receive":6,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"csp.secureserver.net/eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb","fqdn":"csp.secureserver.net","domain":"secureserver.net","tld":"net"},"ip":{"addr":"23.44.47.70","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.secureserver.net","organization":"Special Domain Services, LLC"},"issuer":{"commonName":"Starfield Secure Certificate Authority - G2","organization":"Starfield Technologies, Inc."},"validity":{"start":"Thu, 23 Oct 2025 00:07:48 GMT","end":"Tue, 24 Nov 2026 00:07:48 GMT"},"fingerprint":{"sha1":"0C:85:75:97:2A:6F:2B:92:48:28:1A:FB:30:8A:C4:98:A7:9E:26:CE","sha256":"2F:4B:65:33:11:10:9D:A1:94:4B:5A:5D:40:E6:63:70:B6:7E:1A:7F:E7:90:E4:E8:F4:4A:37:2E:94:17:64:AB"}}},"request":{"raw":"POST /eventbus/web?clientid=8da2217409854bee82e12dc4ca0b39fb HTTP/1.1\r\nHost: csp.secureserver.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1725\r\nOrigin: http://friendsforever.life\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://friendsforever.life/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1725,"data":"{\"schemaId\":\"urn:shared:user:events:/v1\",\"data\":[{\"global\":{\"traceId\":\"19e8b9cae542461aa45fb6e4806f48aa\",\"client\":{\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"sdk\":{\"name\":\"scc-c2\",\"version\":\"1.3.0\"},\"device\":{\"viewportWidth\":1280,\"viewportHeight\":1024,\"screenResolutionWidth\":1280,\"screenResolutionHeight\":1024}},\"page\":{\"traceId\":\"19e8b9cae542461aa45fb6e4806f48aa\",\"host\":\"friendsforever.life\",\"path\":\"/lander\",\"location\":\"http://friendsforever.life/lander\",\"referrer\":\"http://friendsforever.life/\",\"sessionPageViewCount\":0},\"context\":{\"userType\":\"c2\",\"visitorId\":\"5c75aa5e-3763-4745-91d5-0620478377be\",\"sessionId\":\"5c75aa5e-3763-4745-91d5-0620478377be\"}},\"events\":[{\"schemaId\":\"urn:shared:user:event:/rigor/page-navigation/v1\",\"data\":{\"eventCreationTimestamp\":\"2026-04-17T23:23:52.742Z\",\"navigationType\":\"navigate\",\"timing\":{\"navigation\":{\"connectEnd\":1776468232254,\"connectStart\":1776468232254,\"domComplete\":1776468232737,\"domContentLoadedEventEnd\":1776468232737,\"domContentLoadedEventStart\":1776468232736,\"domInteractive\":1776468232678,\"domLoading\":1776468232374,\"domainLookupEnd\":1776468232254,\"domainLookupStart\":1776468232254,\"fetchStart\":1776468232254,\"navigationStart\":1776468232254,\"requestStart\":1776468232260,\"responseEnd\":1776468232371,\"responseStart\":1776468232370,\"loadEventStart\":1776468232737,\"loadEventEnd\":0,\"pageLoadTime\":483,\"domContentLoadedTime\":482,\"domInteractiveTime\":424,\"pageDownloadTime\":1,\"serverResponseTime\":110},\"paint\":{}},\"traffic\":{\"pageLevelProperties\":{\"ap\":\"parking\"}},\"producerEventId\":\"aa0bd100-7be5-4360-8567-5037d0ade92d\",\"contentLoadType\":\"hard\",\"response\":{\"transferSize\":1509,\"encodedBodySize\":795,\"decodedBodySize\":795}}}]}]}"}},"response":{"raw":"HTTP/1.1 202 Accepted\r\nContent-Type: application/json\r\nContent-Length: 2\r\nAccess-Control-Allow-Origin: *\r\nx-bus-trace-id: 253484632753045711907405724811733956034\r\nx-envoy-upstream-service-time: 91\r\nx-error-info: 0\r\nx-request-id: 680f5a6f-dac0-4f4e-abd3-c25b3a6bf7cd\r\nExpires: Fri, 17 Apr 2026 23:23:53 GMT\r\nCache-Control: max-age=0, no-cache, no-store\r\nPragma: no-cache\r\nDate: Fri, 17 Apr 2026 23:23:53 GMT\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=86400 ; includeSubDomains ; preload\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-04-18T02:20:18.763047Z","times_seen":582818,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":32,"dns":18,"connect":1,"send":0,"wait":179,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"friendsforever.life/","fqdn":"friendsforever.life","domain":"friendsforever.life","tld":"life"},"ip":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-17T23:23:51.398Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: friendsforever.life\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ncontent-type: text/html\r\ndate: Fri, 17 Apr 2026 23:23:51 GMT\r\ncontent-length: 114\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with no line terminators","md5":"e89f75f918dbdcee28604d4e09dd71d7","sha1":"f9d9055e9878723a12063b47d4a1a5f58c3eb1e9","sha256":"6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023","sha512":"8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0","ssdeep":"","tlshash":"eeb092ddbc61e48018e535511ea3b60d146a22ebb9018b4018c00836a96035f8d0aac5","first_seen":"2024-03-15T21:37:10Z","last_seen":"2026-04-18T02:12:05.496347Z","times_seen":125144,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":1,"dns":0,"connect":1,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-17T23:23:51Z","timestamp":1776468231,"ip_dst":{"addr":"3.33.130.190","port":80,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.17","port":52078,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.life Domain","source":"{\"timestamp\":\"2026-04-17T23:23:51.604144+0000\",\"flow_id\":1708378020057644,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.17\",\"src_port\":52078,\"dest_ip\":\"3.33.130.190\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027876,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.life Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"friendsforever.life\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":114},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":676,\"bytes_toclient\":422,\"start\":\"2026-04-17T23:23:51.397868+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026gdabp=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.251.150.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://friendsforever.life/lander","date":"2026-04-17T23:23:52.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:36 GMT","end":"Mon, 22 Jun 2026 08:37:35 GMT"},"fingerprint":{"sha1":"08:79:9D:7F:DB:8C:0A:9F:3E:E2:C7:8A:F2:4D:E4:E2:5B:36:28:22","sha256":"07:42:F0:13:40:B6:A1:62:31:62:8E:96:2F:96:8C:7C:C0:5B:F0:8A:DB:0B:A6:E2:44:14:41:7D:B2:7C:B9:74"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026gdabp=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://friendsforever.life/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncross-origin-resource-policy: cross-origin\r\ncontent-type: text/html; charset=UTF-8\r\nx-content-type-options: nosniff\r\ncache-control: no-store, must-revalidate\r\ndate: Fri, 17 Apr 2026 23:23:52 GMT\r\nserver: sffe\r\ncontent-length: 1604\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T02:23:12.335842Z","times_seen":13882258,"resource_available":true,"data":null}},"time_used":481,"timings":{"blocked":223,"dns":1,"connect":21,"send":0,"wait":31,"receive":1,"ssl":202},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}