{"report_id":"c9fcf069-7318-4a78-b954-c5ec0fffb19a","version":6,"status":"done","tags":[],"date":"2026-02-14T02:56:06Z","url":{"schema":"https","addr":"getmattlefun.com/","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"getmattlefun.com/","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"title":"Mattle.fun","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"getmattlefun.com/","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-21T02:56:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-14","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"getmattlefun.com/","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-14","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"getmattlefun.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"getmattlefun.com","ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-16","domain_rank":0,"first_seen":"2026-02-12T20:25:05.27111Z","last_seen":"2026-02-12T20:25:05.27111Z","alert_count":43,"request_count":14,"received_data":4375652,"sent_data":6515,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"app.mattle.fun","ip":{"addr":"104.21.12.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-19","domain_rank":0,"first_seen":"2025-09-22T03:56:03.334414Z","last_seen":"2026-02-12T20:25:05.831727Z","alert_count":0,"request_count":1,"received_data":10751,"sent_data":458,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"getmattlefun.com/","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e7cedee5f4aabfe0f0a25596641b0073","sha1":"9e90df4076abbd3350295826c5ad3ec1856ffd56","sha256":"c2e60dc68f09c70895f8cb98a4a88e16cf3c691d5a96b9c93c3aab931eafc258","sha512":"17dc0e86fcd7af709d5ffb50d255169d2300566d30c2da4345505703e6a6ebf303df263db9561688753bc03af86b134ccfa9f763966f8612ef554be796d6c025","ssdeep":"1536:jQe6pw4biVcuVXdWAgB1PusH2DY7sX3lX56oH:Me6KBVcuVtWAgR2Do2X6oH","tlshash":"7fa340d59a4bd0e08e5a11edd077ed0ae0281aa3cdacf193b92cded1355df22c84753a","size":104467,"data":"","first_seen":"2026-01-07T13:23:26.460119Z","last_seen":"2026-02-14T09:07:38.76649Z","times_seen":45,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-14","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"getmattlefun.com/","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/orion.js","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8256cac1bd4bdcddf5d245ee81fcc52e","sha1":"9a6dedf90a6703f3b2f4cdaecff3226bf689d201","sha256":"ab8c63dd12dd03136ccd032e5b3884c3d6fe72a9a36d8bca6bf99434332dd3bc","sha512":"2a46c67ddb2cb0c7680f68bd4d0e622ead7cc38a0c8034cade6f7bbde1a5c7c4bdce17e489646a28af1126b87c1f525d723f2592bacb4fff47001ab15727965c","ssdeep":"1536:9kaRasaz1dd527mjiIs113usHqBYLsVFX5saB:9kaRcz732aiIsVqBMs5saB","tlshash":"37b340d6594bd0d58e1a10edd077ec09e0681aa3cdacf183ba2cded2755df22884763b","size":107989,"data":"","first_seen":"2026-01-07T13:23:26.426463Z","last_seen":"2026-02-14T09:07:38.758383Z","times_seen":45,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-14","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"getmattlefun.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/be6e4328-62dd-47f8-ae17-3d90b8877ff6","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f11bcdc7b7757c117a8de0db3a4c25b8","sha1":"962e4d08a960106c829d0f9d492d7b891927adab","sha256":"b60b89c0c92cf57329c8590a2c5540cece4def64e4e7bf04f2d39b8ffa3b2748","sha512":"7461553dadb09db423bda8c47a58f8cdade82aa710a0f4415cde912e7a88cd4471ea86aa58a2e5097c90e2cb45ac410104019c56a04c35955e827f0bb0796040","ssdeep":"6144:vkWGL6BSn5NGCk3zi0mCw8wLPNU2HZjGfty3:cjkSnv1k20mCwFnHRGfty3","tlshash":"1044810609ac4f7986ec22e015f72cc401794e0ad9dc3cbfb9ada1579e25bd6e0c279d","size":259964,"data":"","first_seen":"2025-07-13T03:04:16.940864Z","last_seen":"2026-06-13T15:26:27.77669Z","times_seen":5042,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4149341b7e248d6c12e9d7f0f3592e52","sha1":"86358e7fe78337c2468bb62a19d75b416e9f2184","sha256":"fa494689bbe3c8af08e10010b89e72c90d1e195526574868700dfc9a083bb962","sha512":"6b74ebc423dcc758bdd1d92da41708bfb6141491026fa29b0b2bbbc9951d767261cb191f40dedf60cd4a587ef184be1e58c87ec0a680e003a24d278371660d66","ssdeep":"","tlshash":"3401f65d27f332b9627f2162d2038489be50506370dadc49741c91894fd6e6464de69a","size":713,"data":"","first_seen":"2025-08-31T03:07:46.728338Z","last_seen":"2026-02-14T02:56:08.979808Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"getmattlefun.com/favicon.ico","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"6969bc68-3c2e\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XN1bUYxp7Ko9ye66A0YOxeIjIULMIJQC1hJfnM%2FQq7%2BWLuykX2%2B2gKl6c3QdeOTK1jJdJbjMk1%2BiwTTwoD4QYdIQmipHlErtwiW4gwFwVMY%3D\"}]}\r\ncf-ray: 9cd949cc5fd04c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"7736f62e9eb080d2c46bbad664f0d189","sha1":"7b7b5edae54cd8f9bf45b19d073d1682687b12a8","sha256":"dd9a00ffadc2f8ed6d53c2d871d0377d3a9e072f25e57a2fde3f91ed77b6b3f4","sha512":"4802a27ece078e396ee559901d22333697a991155cfc2f3146d5717c1e62e92cefbf60ff7c02c844f94b493eded6ba28b73d905f0927d0d78f4e347caaa5ad3f","ssdeep":"192:BCvBr7aB8M4nYmyzbA51DCiAazdJxz+TMo:BCvK8M4nYjiVJxz+Io","tlshash":"54620d33ef109658dcad71fe5caaa9459812cd205c7dcb92b899bb1f50a1f4d620c12f","first_seen":"2025-09-22T03:56:21.884769Z","last_seen":"2026-02-14T02:56:08.96359Z","times_seen":3,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/degen-background-img.png","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /degen-background-img.png HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 317158\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: \"6969bc68-4d6e6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y1E%2BCMZPcuEZYF6hO9tL4UOrcDO5SfKgF6NuxAJR6mYdcyOmvU2MhOQiTiaQToV05gefXwbkLo5otJcGU2AftPFVYL7Qd27I0DINjFsaBkM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd949cc6fd54c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":317158,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 810, 8-bit/color RGBA, non-interlaced","md5":"d8850a9b1f2bc0377ff1fb95cd89d7c1","sha1":"4acda461551ce0357ab2d8d96ef0164a06431369","sha256":"d7948c62cca8ad47f2f334b5cb2c05a3c2a5007adcce70931be80c7f64dbdd1b","sha512":"f37b2e34cd39f808fe143726c351011a40ec7bb22b095eabe8c8c3822eccb638b571130533203428e34ac5ccf42271c01b1f084b80c84ff2e9d401c2f7fbe241","ssdeep":"6144:KsK5TsF2Rk9nHPkWLZGsLNOjdUSa4K5kR22RyA3i6zUu6RETJ3W9nc7S:KfsYCMw4R22o4x+iTJGCS","tlshash":"e164ef666571d95d1ed610bebf90023e17a1e16bdabc1832db340e805e80e5cdcadd3e","first_seen":"2026-02-12T20:25:11.06994Z","last_seen":"2026-02-14T02:56:08.96438Z","times_seen":2,"resource_available":false,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":212,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/main-background.png","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /main-background.png HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/6d78010c07f5deb0.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 8065\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: \"6969bc68-1f81\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y1MnlBojtLaAX0VplDhp0tqRc1EwVgaktPsb3LZ7ahrCCQN%2FzWeS%2BTM%2BCb3Y4B4RGB%2Bgbz%2Fl4ff2SuOvVAtuN2oKWlfdC1AjRoQtSVgQxjg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd949cc6fd74c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8065,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 720, 8-bit/color RGBA, non-interlaced","md5":"a10e421237e5104318fb707048084fbf","sha1":"3bb22a5df5cf781a43d80729a05ccaf364dc701b","sha256":"2b128071c8a47ea4d73d575cbeee8ff4743a4f5e2129dbc4ba2f631ea320ebb9","sha512":"4c6b4bdab3c97497c7f20f30dbc9e054554cc093da807a6d3f2d9bd8d012ca1e7e4003b75fd929b0e828dc077380250b8bf2504762dca8d81d990d85d4f07c8d","ssdeep":"96:dS87LyhXHziF6Yf56ziF6Yf56ziF6Yf56ziF6Yf56ziF6Yf569lEnztBquYDQGRD:dS83NXXXXuuGDzu6mXz7aNxGzHNPUnyg","tlshash":"94f1b350d21d305f348711a518ae39a898e3ec56372dfde3b809f9729b2d6da2370787","first_seen":"2025-09-22T03:56:21.852771Z","last_seen":"2026-02-14T02:56:08.965557Z","times_seen":3,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T02:55:43.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Feb 2026 02:55:43 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V1ThupWp%2BdzAo3DGRGrVosnXXKaoW5iVaBKk0n%2FvGaDMJfuxep8Z4Th0kUquR45%2Ffz4fH64RHI2f%2Bwr368dAyDi5qYTASBCrSQ%2BHFQONNFc%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9cd949c68e655fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63467,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (35330)","md5":"355f40cba83f09d399d4f7d592846b37","sha1":"6f4a2a3fa6887bea685c358d99b733393572e7f2","sha256":"d8ad763d2505d394eaae7ce80e060118f61c153aca572850e1a6fcefed3e8483","sha512":"88fb6ab5d38f7b28e99ab29bc30c0ca01603f1d0bb6cc8890074d2d9bbf4a5cfda96afbacfd34d51ad61ab21ed6d722216f8173789c5b952f8010897d8888f18","ssdeep":"1536:nDJEJUn7G0AT1BoEdoEdoEdoEdoEdoEdoEdoEdoEdoEdoEdoEbxEsFS6LqL:1EJUnzCxEshLqL","tlshash":"ae5322e40ae55a7db26fcb70d6509886e22bb368f96a7c0470fd22505f478efd25f102","first_seen":"2026-02-12T20:25:11.095844Z","last_seen":"2026-02-14T02:56:08.966656Z","times_seen":2,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":77,"dns":62,"connect":2,"send":0,"wait":269,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/css2.css","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:43.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/34a72a2dfc6ca7d9.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: W/\"6969bc68-840\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sg1l4chDxI2g4XaMHWSf2jmxrSjlDOWNkrB%2FNI23giSugwHxgHcy44vwsFIIWtjOPVY%2FPECE3EjX4lwrevANbKZnv0LtQ%2FarinRjp0DSu5Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9cd949cb0fad4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2112,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"94008a89c8d6024db3d861cb7ba4a4f4","sha1":"51705aa43b6b5fe174beb82b06c56178246906ec","sha256":"0a0b13c690f1a1ed9e59cf520667bb9f3d3cee7e8ea89318a03f40ba9b9cf05b","sha512":"e54628d0a2daf050618534f61b4283e15f80ba17123dab3289050740e501a76d9dff62026199c6e2c7df929a7e2d7e3c56b0e22d47a4877dfcd71176264467e0","ssdeep":"","tlshash":"41418b80087ba504d7931cc122ce7e32ee2db19064459d346ffe1498fc5bd59a3b2b4d","first_seen":"2025-01-25T17:56:03.203401Z","last_seen":"2026-06-13T05:32:08.549047Z","times_seen":886,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"app.mattle.fun/images/android-chrome-512x512.png","fqdn":"app.mattle.fun","domain":"mattle.fun","tld":"fun"},"ip":{"addr":"104.21.12.43","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mattle.fun","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Feb 2026 11:23:16 GMT","end":"Mon, 04 May 2026 12:21:48 GMT"},"fingerprint":{"sha1":"ED:E8:78:53:90:87:05:06:60:77:B4:F8:C5:26:5E:AA:F4:1F:A4:AE","sha256":"38:51:92:5D:29:6A:CB:64:74:7D:F6:7E:25:82:E3:66:44:9E:8B:8F:45:2E:DF:8B:46:91:71:7E:B3:0A:13:1D"}}},"request":{"raw":"GET /images/android-chrome-512x512.png HTTP/1.1\r\nHost: app.mattle.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 10097\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Fri, 23 May 2025 08:47:44 GMT\r\netag: W/\"2771-196fc53ae1f\"\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w8np3QWcdWaRWV9dY5mqB53Wuq0lBMzZppEVtyKL2ePzqkMJpTPiYJd2pVm8hetV7%2F4hYjeIHFbRDPYIo8CDQ%2Bh6RkWE%2Bp9%2BIwruJHyO\"}]}\r\ncf-ray: 9cd949ccc9f81525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10097,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"793877071c338da0b3c8dc0dec01fa36","sha1":"10311025bb60d7c392c3ca60ff178893e1a8638a","sha256":"224bef97d1a57226047cfee90f718d8268c6715da5d9ff309629d1ba7eeeb19b","sha512":"c2f1349cebbd7b5ff0a57cbd6c01897b44a2077b9209de56626f8e1e89dd42586b22befcb8e933507627f3d89cac12e5570a151d234bb7d88dcb135ea772dc12","ssdeep":"192:R4+EEiWeGWlE4qWAhjC/QyyyyyWSrH6rAf/5f69+qoWL3LzW622222222222222h:RpEEiFE4qoqSrKAf/5f/9WL3W+","tlshash":"f2222fd8d1cb12367982f6b00232f114db5ec8b3a860dd6b9163e25cd2f7c685dd2ea0","first_seen":"2025-09-22T03:56:21.88377Z","last_seen":"2026-02-14T02:56:08.968418Z","times_seen":3,"resource_available":false,"data":null}},"time_used":901,"timings":{"blocked":-1,"dns":55,"connect":1,"send":0,"wait":828,"receive":1,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/e79354a5762c4e558eb87ee5173fb7857404b3e3.svg","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /e79354a5762c4e558eb87ee5173fb7857404b3e3.svg HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"6969bc68-106\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=E49x9bEI2Ldt8LxUWV0hvRZgfhiFIzp2JobwFNLcMrKav9ohwIxU%2FToIKpHBYVFLN1weX%2B0VM%2FfoCT%2B1D2wQl7J722KtN%2FlGtyDDaiR3Cdw%3D\"}]}\r\ncf-ray: 9cd949cc6fd64c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":262,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e7c07ac05145682f52f736f678a78c30","sha1":"e79354a5762c4e558eb87ee5173fb7857404b3e3","sha256":"5b61ca8f723f3ae32c91c1231486ed1d51d1e8eaa61a4e10b256f3f2e67d3322","sha512":"b700cf41d049c20fb1756f5dc8515f0518862cf1bc8a043f647ae107a3d2b295fb24fcf3c0e964fcf10c578f3ceb5bc6f667cb2ab671e0ef97106ebeff041ea2","ssdeep":"","tlshash":"d5d05ea5c389c83fe1c9023479756c9ce46b5f54029530d87872121bf640b5d1c7c9d8","first_seen":"2026-02-12T20:25:11.087553Z","last_seen":"2026-02-14T02:56:08.969925Z","times_seen":2,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/secureproxy?e=jscdn/getFile","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.102Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://getmattlefun.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://getmattlefun.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"eo2upuit3j1bi7kc0oxl\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=drKyI6nQIaxQ5FpasiRPWtDeMOK69C%2F3lO7dlwKBJT0m6GWKhRfoN8Hbs7%2BQ%2B66Ik1n2LG9wc899fG09GCfCGLd2%2Bx1o9M0x7YDO6TeAKkiqJw%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9cd949ccafe34c11-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3423168,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"74aac4a639981087f5584a8eacef9e4d","sha1":"dd49af5b0d7212fc0479574f4c31c189532765c7","sha256":"ca5993103b3c4f94d11b730bd93ad28e8aa18ce78b7b1c864305dd0afbc38815","sha512":"8cf9b2f9d96a86b2ff5cecada39819a92021229373332d46e9f6b6f2714cf0ce88b937b12cf1d0a0e73352037254e865a9e1f4dae126f160d8a3c83983248aa7","ssdeep":"24576:nb/YWmLkwsOukzMSPbg+lsVo5/Cr0OSzcfUjel7M0RJp:bGkwdNZngkO5Jp","tlshash":"692523e26f579828cf5c4ee9613b6d0e2c040c512489faf6eaa5e88731da77041e7d39","first_seen":"2026-02-14T02:51:48.129088Z","last_seen":"2026-02-14T02:56:08.971008Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1288,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":545,"receive":743,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/34a72a2dfc6ca7d9.css","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:43.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /34a72a2dfc6ca7d9.css HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:43 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: W/\"6969bc68-12d8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bq9OOibp%2BsCrM5%2FxDQGQe3IjigCzjIJ0xoBXMm3p3t%2Fx9D%2BRKyrA6o8IHgAt%2FI%2Fl4xaXTE16aPq1ruLO4pxlAiH3EnriBxYCS3gl5co8n6Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9cd949c92f744c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4824,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4824), with no line terminators","md5":"9fce8a5155d1ab6c72f7b0c21e608e0c","sha1":"b2ba3c49f7ba1a8c897de1472601f39d34e94058","sha256":"7b70135462a2b8e623470cea9c655df3ccb02e96438b40a475efb4856a6d27c7","sha512":"01e9880412e94b801ecd1a4c295d31cea9f7b08c1899d0d359cb13de83e26a517dd009684c81cd015e570fd75fcdddfad9735fdf67ecc889992b09bb445fe954","ssdeep":"96:4NzDqjoIFgcOQ6Qg1iKdKZMpM5U6x4/GXYF3OquE47Hnqh3aD505iqX8XFXgXcX2:4NzDqjoIFgcOQ6Qg1iKdKZMm5U6x4/Gy","tlshash":"f0a1c0428f753328f63bc34e39919ad5f6d4cf41b429593862aa235dc9cf0490a6db4b","first_seen":"2025-08-07T13:05:00.460712Z","last_seen":"2026-03-07T01:03:11.560559Z","times_seen":13,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/6d78010c07f5deb0.css","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:43.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /6d78010c07f5deb0.css HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:43 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: W/\"6969bc68-ea38\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rlxQL4VBgQ8b6yFHWWZzxlseTVRpqWSzzQOZJ%2Fvd%2Fz7Y7Be%2B6tJv3VLsSzfMtExC7815lmDbiiAx2D9rgRcBS%2BFAtRN5X3lSMcjLdQ06LTo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9cd949c93f754c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59960,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (57667)","md5":"61ca66411a1dd0647bc97af8c1f4c0b4","sha1":"c7591ddfc6fc9a6d2f7cb9eaedc83a0ad689a7a7","sha256":"b5f168eb9f7e6a447ea9bbffc72c978901debd3ac552fef02f6553630db1c77e","sha512":"4faae0748dccd8778066e5dfe01f0777f4ff300333e82244f4eec4fe8844ae8fa9635b6d4cf9d9d9611a6ceb2126c0d584990e937e64f40ff7310de148bed46a","ssdeep":"1536:GHAV/IB5/e0d6NDwGgEd4HhOaYJQE16EEBwbd0gGeSD6rqWAfPpMhhoytIpIbS8m:GHU/IB5/e0d6NDwGgEd4HhOaYJQE16EY","tlshash":"a743b6e52719203fb41641b6d4f1bcc8722bdb91ef63e6f3fc115522ca80ae91ab5724","first_seen":"2026-02-12T20:25:11.069025Z","last_seen":"2026-02-14T02:56:08.972791Z","times_seen":2,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/index_1.html","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fY2NLJ9XMXA1K15WiuDgCB%2BjKFF3gFmVHKA1zz2pVIwISsgp%2BiP6fsjOrIUPlDy1gG5JRcEei20cyignDK1DXl6oRE0rFJtyPyhJSYLQ%2FuE%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd949cc4fce4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":142,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with no line terminators","md5":"292f74c92c97c686c723a291030cfa93","sha1":"ff7ce2a278d64bb71b8a15797fd10276ea6f0df2","sha256":"baf0572ea402de47c8c0c44f67fe0b4af40bd7bc06f5733bac13f51bb4ac4d08","sha512":"4f34b0d47baba42b1c93958d291540f76e16fb3f67405fec9d87d0d8d57bf4ae454b63e8462a3b238ff1f6306323f7af84e182781658961d0acac1e55b70d953","ssdeep":"","tlshash":"54c02b22dc04480f3d009fd1cb8af1c4c003dc3ce8315c00b867b544e9ac131c012548","first_seen":"2024-08-19T15:34:07.77924Z","last_seen":"2026-06-13T12:25:58.336514Z","times_seen":455,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/navbar-event-bg.png","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /navbar-event-bg.png HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/6d78010c07f5deb0.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 176429\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: \"6969bc68-2b12d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gp5ElBO94jmqF%2BUgJkfXfRhJl9ld%2BAf7tuzpDFus1a09lyNamdEaPCIU5HuoxxJXUQymv6JOg98YW0pjWH2Sp05Fd3YYzHxZujdFIqrRc3Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd949cc6fd24c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":176429,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 40, 8-bit/color RGBA, non-interlaced","md5":"9847af5ff6b98c111b3f7c833b9ef84a","sha1":"295b0b2d7dc650353866ed994f046cbebfe05b0e","sha256":"113c7ed72598d3304eeb9a421cd0ea4ff4635714078d4d58aaa0a65a80217ee2","sha512":"e0409605448ba62faa99bf8d366c1eda30bdf6c3fbe573af388c28da2d645eb9989091132c5234758cbd87503ca42671a99a2c031cdd2c5abd63d13b1715bcb4","ssdeep":"3072:JHwJaks/ChF2EihTynnNlr93MSxmaY68JClQei8gfc5Y42dj:RVCn2NhT+Nlr9dMJClbi8gfu92dj","tlshash":"b7041370eba6125027ec70f39136f5a9198e12ccf2f02c2ff39dbd845da569c241699d","first_seen":"2026-02-12T20:25:11.083195Z","last_seen":"2026-02-14T02:56:08.974508Z","times_seen":2,"resource_available":false,"data":null}},"time_used":457,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":190,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/1e8ae1b61120b77e4a64170781659b8d2575b6f1.svg","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /1e8ae1b61120b77e4a64170781659b8d2575b6f1.svg HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"6969bc68-106\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qDJxI5kSN6aGxjjMd5EdmCyYrtPZMvgcPZKUsYjOOsiFLidKmxKKOLdPgBw%2B4gwVjHTNg%2BF1aC%2Fdqp%2B5EDD%2FGwLUgFiDK3Caghpdeb8K8w0%3D\"}]}\r\ncf-ray: 9cd949cc6fd44c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":262,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9afcbf8d98df3c657a14e958c55cd53f","sha1":"1e8ae1b61120b77e4a64170781659b8d2575b6f1","sha256":"ee57cb551e21cbd9ee1ba627d8ca9946949977e2d97ea03fe5ac243aad655400","sha512":"3f841002ed3d05e80f3ab5138828b08d95e34ce5b0cbf00777e57a5fa298286014544bb1ed2eb6e31c14141927fe0870be6d2e8a94a2d7062b9d124923612e14","ssdeep":"","tlshash":"7ad05ea9c389c93fe1c8463469766c9cd46b5e5442c530d87872120bfa40b5d2d7c9d8","first_seen":"2026-02-12T20:25:11.066577Z","last_seen":"2026-02-14T02:56:08.975588Z","times_seen":2,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/orion.js","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:43.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /orion.js HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:43 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: W/\"6969bc68-1a5d5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FDi141Exhs33mUSAp%2FColj4mAHQgmkazleToI3s5xCeyOZCgzr67A%2BGcwNSA9PN7EbzU5EaRjuF1EkQuapUXeJ9RKB9rKmvmIQzvn1O8EXU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9cd949c92f734c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":107989,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8256cac1bd4bdcddf5d245ee81fcc52e","sha1":"9a6dedf90a6703f3b2f4cdaecff3226bf689d201","sha256":"ab8c63dd12dd03136ccd032e5b3884c3d6fe72a9a36d8bca6bf99434332dd3bc","sha512":"2a46c67ddb2cb0c7680f68bd4d0e622ead7cc38a0c8034cade6f7bbde1a5c7c4bdce17e489646a28af1126b87c1f525d723f2592bacb4fff47001ab15727965c","ssdeep":"1536:9kaRasaz1dd527mjiIs113usHqBYLsVFX5saB:9kaRcz732aiIsVqBMs5saB","tlshash":"37b340d6594bd0d58e1a10edd077ec09e0681aa3cdacf183ba2cded2755df22884763b","first_seen":"2026-01-07T13:23:26.426463Z","last_seen":"2026-02-14T09:07:38.758383Z","times_seen":45,"resource_available":true,"data":null}},"time_used":340,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-14","alert":"PHP webshell using some kind of eval with encoded blob to decode","trigger":"getmattlefun.com/orion.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/02/07","description":"PHP webshell using some kind of eval with encoded blob to decode","hash":"1d4b374d284c12db881ba42ee63ebce2759e0b14","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_encoded_big","score":"50"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"getmattlefun.com/sub-background.png","fqdn":"getmattlefun.com","domain":"getmattlefun.com","tld":"com"},"ip":{"addr":"104.21.90.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://getmattlefun.com/","date":"2026-02-14T02:55:44.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"getmattlefun.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 16 Jan 2026 03:22:03 GMT","end":"Thu, 16 Apr 2026 04:20:49 GMT"},"fingerprint":{"sha1":"35:56:05:74:6F:25:69:DF:B8:C5:16:E7:D7:96:26:95:9A:C6:34:88","sha256":"EA:48:EA:76:3A:E1:91:C8:5D:33:9A:68:2B:D6:C5:3F:07:4F:51:7D:98:FA:01:DF:CA:9B:60:05:2C:B3:A6:45"}}},"request":{"raw":"GET /sub-background.png HTTP/1.1\r\nHost: getmattlefun.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://getmattlefun.com/6d78010c07f5deb0.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 14 Feb 2026 02:55:44 GMT\r\ncontent-type: image/png\r\ncontent-length: 183495\r\ncast-mode: default\r\nlast-modified: Fri, 16 Jan 2026 04:19:52 GMT\r\netag: \"6969bc68-2ccc7\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PHFLFha4WYU9jXoAHBZWzSL4CFMNENfGEqA%2Bzfdh9dpF20%2FZJbeXjH%2FsFf24bVsT9DAwscI2H3Dlyj9eS9I6MHBaIZhc%2BdPivYAHmrvd2qQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cd949cc6fd14c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":183495,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1440 x 959, 8-bit/color RGBA, non-interlaced","md5":"54493e91d22d513bed88e60fa7cc9459","sha1":"4507a851ba9ab4e824dd0a880aa5c6debbb266d5","sha256":"577bd3555ada404f4f6f1becd77170d9834125f9a417809041bc525487d1ce0b","sha512":"6327be9df999f3fe1abc48e58a3032c2e4e9fdc5cc1c5a2f5e61089d766b4a201cf3795490a2948ca2c4fe9624b4c1d725af56e723688e45063587dde22baa3e","ssdeep":"3072:lYnB/Ts4CLlcldGUO38cJ+TbZEhh2aSBfU5eMvCDlR1ZWDrK0T:oT1CildGl86ubZKFiMJ6DP1W","tlshash":"cb0412fa8e0ad453e63ba5f1e577af075230cac5ddd9aa01206ca5c3c2df86d3a08745","first_seen":"2025-09-22T03:56:21.851362Z","last_seen":"2026-02-14T02:56:08.977216Z","times_seen":3,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":263,"receive":157,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-14","alert":"Phishing Block","trigger":"getmattlefun.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"getmattlefun.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}