{"report_id":"cab4391e-0fd2-4e7b-963b-b515453a9548","version":6,"status":"done","tags":[],"date":"2024-08-23T20:44:32Z","url":{"schema":"http","addr":"nexiv.hkjhsuies.com.es/bsBfV6?sub_id_1=de_it\u0026keyword=chiedi%20all%20aura%20lusinghiera%20pdf","fqdn":"nexiv.hkjhsuies.com.es","domain":"hkjhsuies.com.es","tld":"com.es"},"ip":{"addr":"172.67.195.102","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON","fqdn":"ss.uakarisigneur.com","domain":"uakarisigneur.com","tld":"com"},"title":"ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T18:05:43Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"t1.hightid.com","ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2022-08-03","domain_rank":0,"first_seen":"2022-08-03 15:42:13","last_seen":"2024-08-17 13:32:59","alert_count":0,"request_count":1,"received_data":549,"sent_data":553,"comment":"","tags":null,"fingerprints":null},{"fqdn":"t10.lowtid.com","ip":{"addr":"51.83.143.92","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"domain_registered":"2022-08-03","domain_rank":0,"first_seen":"2022-08-03 21:48:24","last_seen":"2024-08-22 20:26:18","alert_count":0,"request_count":1,"received_data":336,"sent_data":561,"comment":"","tags":null,"fingerprints":null},{"fqdn":"t1.lowtid.com","ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2022-08-03","domain_rank":0,"first_seen":"2022-08-03 15:42:13","last_seen":"2024-05-22 18:01:12","alert_count":0,"request_count":1,"received_data":362,"sent_data":584,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-23 18:12:28","alert_count":0,"request_count":10,"received_data":8872,"sent_data":3270,"comment":"","tags":null,"fingerprints":null},{"fqdn":"breofartex.trenulahhgehrtewrs.life","ip":{"addr":"172.67.201.158","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":4429,"sent_data":655,"comment":"","tags":null,"fingerprints":null},{"fqdn":"comlmntrdsrenow.life","ip":{"addr":"172.67.179.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":7870,"sent_data":613,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.primarkingfun.giving","ip":{"addr":"51.68.85.158","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":5389,"sent_data":2428,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ss.uakarisigneur.com","ip":{"addr":"23.109.170.189","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2023-06-26","domain_rank":0,"first_seen":"2023-06-26 15:00:27","last_seen":"2024-08-22 20:26:20","alert_count":0,"request_count":2,"received_data":2998,"sent_data":1481,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-23 18:12:18","alert_count":0,"request_count":4,"received_data":3549,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"admoustache.aftrad-visit.com","ip":{"addr":"104.26.6.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-02-15","domain_rank":0,"first_seen":"2024-01-24 15:19:26","last_seen":"2024-06-01 22:36:53","alert_count":0,"request_count":2,"received_data":1934,"sent_data":1304,"comment":"","tags":null,"fingerprints":null},{"fqdn":"t3.blowingwnd.com","ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"domain_registered":"2022-08-03","domain_rank":0,"first_seen":"2022-08-03 15:42:14","last_seen":"2024-04-15 13:23:38","alert_count":0,"request_count":2,"received_data":968,"sent_data":1226,"comment":"","tags":null,"fingerprints":null},{"fqdn":"go.savethereef.xyz","ip":{"addr":"198.134.116.30","port":443,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"domain_registered":"2023-04-02","domain_rank":0,"first_seen":"2023-04-11 16:41:45","last_seen":"2024-08-22 20:26:20","alert_count":0,"request_count":3,"received_data":724,"sent_data":2261,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-08-23T20:44:12Z","timestamp":1724445852,"ip_dst":{"addr":"Client IP","port":58536,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"198.134.116.30","port":443,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2024-08-23T20:44:12.107772+0000\",\"flow_id\":686112244474999,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"198.134.116.30\",\"src_port\":443,\"dest_ip\":\"172.18.0.11\",\"dest_port\":58536,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=savethereef.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R11\",\"serial\":\"03:76:B7:32:84:9B:D8:70:90:72:6A:62:03:9D:7E:40:7B:05\",\"fingerprint\":\"d1:b5:82:7a:e7:a2:9d:0f:d2:54:df:ff:5b:26:25:db:cd:59:d5:ea\",\"sni\":\"go.savethereef.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-07-25T06:41:50\",\"notafter\":\"2024-10-23T06:41:49\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1146,\"bytes_toclient\":4940,\"start\":\"2024-08-23T20:44:11.238711+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-08-23T20:44:12Z","timestamp":1724445852,"ip_dst":{"addr":"Client IP","port":58552,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"198.134.116.30","port":443,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2024-08-23T20:44:12.337076+0000\",\"flow_id\":171875810113840,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"198.134.116.30\",\"src_port\":443,\"dest_ip\":\"172.18.0.11\",\"dest_port\":58552,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=savethereef.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R11\",\"serial\":\"03:76:B7:32:84:9B:D8:70:90:72:6A:62:03:9D:7E:40:7B:05\",\"fingerprint\":\"d1:b5:82:7a:e7:a2:9d:0f:d2:54:df:ff:5b:26:25:db:cd:59:d5:ea\",\"sni\":\"go.savethereef.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-07-25T06:41:50\",\"notafter\":\"2024-10-23T06:41:49\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":7,\"bytes_toserver\":1277,\"bytes_toclient\":4940,\"start\":\"2024-08-23T20:44:11.489776+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-23","alert":"Sinkholed","trigger":"trenulahhgehrtewrs.life","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-23","alert":"Sinkholed","trigger":"comlmntrdsrenow.life","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON","fqdn":"ss.uakarisigneur.com","domain":"uakarisigneur.com","tld":"com"},"ip":{"addr":"23.109.170.189","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"74bcdb854ab16ca0977687a071ccface","sha1":"3fc98dccf6a4c618323aacd44660d0c32d1e9016","sha256":"f729e7b610069468cbe062a7821762c27a15271967ac88eae69a538d48c5a29b","sha512":"2bb5e903bc4e9992428b89e3186d32a214428964230340b4f7eb82f0b48284f336ce91f0f13ae99f7bb0bf65c713d3acfd27033f12a74f6067a64426f616c2e1","ssdeep":"","tlshash":"e9500000c000000cc0c0000c0000300000000c0000030c000000000000300003030000","size":8,"data":"","first_seen":"2023-03-07T01:10:08Z","last_seen":"2026-04-05T08:41:01.210087Z","times_seen":9233,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:07.261289971Z","timestamp":1724445847261,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A0D352F8B8C2248C32607B1D77C3FF6FF7382A5DF118182F69AAE7D7145EE100\"\r\nLast-Modified: Fri, 23 Aug 2024 14:35:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=8883\r\nExpires: Fri, 23 Aug 2024 23:12:10 GMT\r\nDate: Fri, 23 Aug 2024 20:44:07 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"34b72ef98ffb750d7e3020d58da271c5","sha1":"a0b34c22554f5cadf812b8d1f818be5dc840f211","sha256":"a0d352f8b8c2248c32607b1d77c3ff6ff7382a5df118182f69aae7d7145ee100","sha512":"bf06b4f4c9fa97f7546c3e1eda6d38a82b97d6d441b2c3d0d5e796e8ad38899c00556a9bba27df87a4e23442cc2e2852034f51958d8d1cd418e249622b247ad3","ssdeep":"","tlshash":"99f005d143deb901edb5b5992bb6f24fbb10dc1d1c1496d1b0a406e0b441ba4534490d","first_seen":"2024-08-23T21:17:01Z","last_seen":"2024-08-29T18:06:28.067516Z","times_seen":19931,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:07.265958052Z","timestamp":1724445847265,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"DB03B08D76424BB0DD34B51C11CF222B9126BD1F6017AFD35CB1C2D0C3D1F86E\"\r\nLast-Modified: Fri, 23 Aug 2024 14:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9148\r\nExpires: Fri, 23 Aug 2024 23:16:35 GMT\r\nDate: Fri, 23 Aug 2024 20:44:07 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a081f9755218e081db962afea1117844","sha1":"fab4e95becdbacea971038e8f0ea80b4e1064e4b","sha256":"db03b08d76424bb0dd34b51c11cf222b9126bd1f6017afd35cb1c2d0c3d1f86e","sha512":"ffbc769821cd608c48cd2e69185d6471eb9d63c282ae37bdbaf5e011fb54ca5da649740eb88fdf0616e425f08a0197934e60c3bb33713b6fa057afb6dd1837b1","ssdeep":"","tlshash":"16f005f50d09a5828e98147c5eb4c06b5d3d7df939545cd7927dd1f83c52f55134018c","first_seen":"2024-08-23T21:19:50Z","last_seen":"2024-08-29T18:06:28.06686Z","times_seen":25934,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:07.623002065Z","timestamp":1724445847623,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"38F07545BD30EF0B4ADEC907DEB75C1CB2365D645A54B545486599117707E28B\"\r\nLast-Modified: Fri, 23 Aug 2024 14:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7310\r\nExpires: Fri, 23 Aug 2024 22:45:57 GMT\r\nDate: Fri, 23 Aug 2024 20:44:07 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5a54df7ab1a35ec424b9be7e9c3c9a4b","sha1":"e7cea7d874319740ce20d0b7c37e99b5e21461ff","sha256":"38f07545bd30ef0b4adec907deb75c1cb2365d645a54b545486599117707e28b","sha512":"911ab834c2696c535a13b977417f3e885d1429752f43fe0113e4c4a9a9efd8567990a742f0b1a6df8c1cfcfa06e24eeb2fec00a7a156631c9fdd602eaa7120ad","ssdeep":"","tlshash":"78f00ea8aee0b892faa15c217bf9da0a2b217ddf392516c059d452c17510b7c130046e","first_seen":"2024-08-23T18:47:18Z","last_seen":"2024-08-29T18:07:26.515866Z","times_seen":17370,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:07.861091302Z","timestamp":1724445847861,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"CB3BF00DB937121AA64ED4B8047093CD89CB7376A3C66CF46ECB6974CA047D4C\"\r\nLast-Modified: Fri, 23 Aug 2024 14:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=17202\r\nExpires: Sat, 24 Aug 2024 01:30:49 GMT\r\nDate: Fri, 23 Aug 2024 20:44:07 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"44d2fa336203fefa7fcc2e369e453d16","sha1":"71a006973afdbe2deb2374768a328cf9307fd4d1","sha256":"cb3bf00db937121aa64ed4b8047093cd89cb7376a3c66cf46ecb6974ca047d4c","sha512":"fdef4543622ed54bda6a05ad55b86cb9f05cfbd34a9734b76661e957474c1da55386c98d36887c2b7686532216a6201dd9ba9d8b5cc7b8ce3b095e0cfe24ac5c","ssdeep":"","tlshash":"d7f00e2616a6e500aa7c18107ebec25f3b22bea93850a5e1b051c5d07830ffd5b8844c","first_seen":"2024-08-23T21:40:07Z","last_seen":"2024-08-29T18:06:19.075482Z","times_seen":15481,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:09.975727023Z","timestamp":1724445849975,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D5D1370D54DBC79EEF9D826334B31217D5B9823CFD1D012036B1BC4F38B724B4\"\r\nLast-Modified: Fri, 23 Aug 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7362\r\nExpires: Fri, 23 Aug 2024 22:46:51 GMT\r\nDate: Fri, 23 Aug 2024 20:44:09 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"858eda022f9abab07abe65d5db47bdd7","sha1":"50676984a7c33451e955b30f0c2796d8cbd39b37","sha256":"d5d1370d54dbc79eef9d826334b31217d5b9823cfd1d012036b1bc4f38b724b4","sha512":"e5149f414165e4ecf944e1dbcf16810c0b383621fa1891f5d04af973954796252ff40cbae72087a276dd6da011b4944126f65b7711ce8134227c0bbc97eb4e7e","ssdeep":"","tlshash":"1ff0c0962b21b814255816157ee6c6171f107e58684525d3865c17e2a8017fd530480c","first_seen":"2024-08-23T19:27:06Z","last_seen":"2024-08-29T18:07:09.764216Z","times_seen":22856,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:09.979627099Z","timestamp":1724445849979,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D5D1370D54DBC79EEF9D826334B31217D5B9823CFD1D012036B1BC4F38B724B4\"\r\nLast-Modified: Fri, 23 Aug 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7362\r\nExpires: Fri, 23 Aug 2024 22:46:51 GMT\r\nDate: Fri, 23 Aug 2024 20:44:09 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"858eda022f9abab07abe65d5db47bdd7","sha1":"50676984a7c33451e955b30f0c2796d8cbd39b37","sha256":"d5d1370d54dbc79eef9d826334b31217d5b9823cfd1d012036b1bc4f38b724b4","sha512":"e5149f414165e4ecf944e1dbcf16810c0b383621fa1891f5d04af973954796252ff40cbae72087a276dd6da011b4944126f65b7711ce8134227c0bbc97eb4e7e","ssdeep":"","tlshash":"1ff0c0962b21b814255816157ee6c6171f107e58684525d3865c17e2a8017fd530480c","first_seen":"2024-08-23T19:27:06Z","last_seen":"2024-08-29T18:07:09.764216Z","times_seen":22856,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:09.981121262Z","timestamp":1724445849981,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D5D1370D54DBC79EEF9D826334B31217D5B9823CFD1D012036B1BC4F38B724B4\"\r\nLast-Modified: Fri, 23 Aug 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7362\r\nExpires: Fri, 23 Aug 2024 22:46:51 GMT\r\nDate: Fri, 23 Aug 2024 20:44:09 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"858eda022f9abab07abe65d5db47bdd7","sha1":"50676984a7c33451e955b30f0c2796d8cbd39b37","sha256":"d5d1370d54dbc79eef9d826334b31217d5b9823cfd1d012036b1bc4f38b724b4","sha512":"e5149f414165e4ecf944e1dbcf16810c0b383621fa1891f5d04af973954796252ff40cbae72087a276dd6da011b4944126f65b7711ce8134227c0bbc97eb4e7e","ssdeep":"","tlshash":"1ff0c0962b21b814255816157ee6c6171f107e58684525d3865c17e2a8017fd530480c","first_seen":"2024-08-23T19:27:06Z","last_seen":"2024-08-29T18:07:09.764216Z","times_seen":22856,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:09.98275483Z","timestamp":1724445849982,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D5D1370D54DBC79EEF9D826334B31217D5B9823CFD1D012036B1BC4F38B724B4\"\r\nLast-Modified: Fri, 23 Aug 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7362\r\nExpires: Fri, 23 Aug 2024 22:46:51 GMT\r\nDate: Fri, 23 Aug 2024 20:44:09 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"858eda022f9abab07abe65d5db47bdd7","sha1":"50676984a7c33451e955b30f0c2796d8cbd39b37","sha256":"d5d1370d54dbc79eef9d826334b31217d5b9823cfd1d012036b1bc4f38b724b4","sha512":"e5149f414165e4ecf944e1dbcf16810c0b383621fa1891f5d04af973954796252ff40cbae72087a276dd6da011b4944126f65b7711ce8134227c0bbc97eb4e7e","ssdeep":"","tlshash":"1ff0c0962b21b814255816157ee6c6171f107e58684525d3865c17e2a8017fd530480c","first_seen":"2024-08-23T19:27:06Z","last_seen":"2024-08-29T18:07:09.764216Z","times_seen":22856,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"breofartex.trenulahhgehrtewrs.life/?utm_medium=195a7a84693f9dd6d1851d0f90faeef0e8a443c8\u0026utm_campaign=smsep\u00261=1104\u00262=8d3f8391987f9e86e1d1eb950beddfe486e68ad2\u0026cid=8d3f8391987f9e86e1d1eb950beddfe486e68ad2","fqdn":"breofartex.trenulahhgehrtewrs.life","domain":"trenulahhgehrtewrs.life","tld":"life"},"ip":{"addr":"172.67.201.158","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:09.991192009Z","timestamp":1724445849991,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /?utm_medium=195a7a84693f9dd6d1851d0f90faeef0e8a443c8\u0026utm_campaign=smsep\u00261=1104\u00262=8d3f8391987f9e86e1d1eb950beddfe486e68ad2\u0026cid=8d3f8391987f9e86e1d1eb950beddfe486e68ad2 HTTP/1.1\r\nHost: breofartex.trenulahhgehrtewrs.life\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 23 Aug 2024 20:44:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=9yb5pFTNj7dnBcNR3YpJb%2Fltn8KmwRyMEeD%2FPYEY%2FeO9DqzxdzlXVM%2FlWJp7B3Y1RUF4oBQJs2clxZfWB5lqhJ2OGXyevs0WE70i%2Bd5JGAmGx8tsIHRc56n0y%2FKk8jurRNBsRqmZNJfIUweBl74iUn4nftqI\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8b7df05db89d1c12-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":3539,"size_decoded":9558,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (5365)","md5":"d7ef33e3d15e5b16e81bc8098cea7fef","sha1":"387e23a45eb7a59c1fe1d5358847640013610a55","sha256":"fc880660df92b27bf3cfb2fce22dfeef576aadc04facd0a34a1b6a1616a9d714","sha512":"10f1fbdaa2f2101c8dab9e67a19930c36fae669cf98eea62848aa5e04c30a7be6635468514d5164713920bf3f4a5a22b2b0ead7530d0877c0372c6487424624a","ssdeep":"192:A1bRasCbI8sd1gSZNQjkjW2+WVCdPT26RRRfjyjuDa:2bRaXbI8sdcWUr2qRy","tlshash":"3b12b7fba5411062d2178d86d3de4b68163bc7279d230d8eb3917156c6daeee834a30f","first_seen":"2024-08-29T18:05:43.642269Z","last_seen":"2024-08-29T18:05:43.642269Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-23","alert":"Sinkholed","trigger":"trenulahhgehrtewrs.life","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"comlmntrdsrenow.life/?s=14\u0026t1=1104\u0026t2=chiedi+all+aura+lusinghiera+pdf\u0026t3=376l60j8g8vk\u0026bc_r=1724445848","fqdn":"comlmntrdsrenow.life","domain":"comlmntrdsrenow.life","tld":"life"},"ip":{"addr":"172.67.179.109","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:10.00866541Z","timestamp":1724445850008,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /?s=14\u0026t1=1104\u0026t2=chiedi+all+aura+lusinghiera+pdf\u0026t3=376l60j8g8vk\u0026bc_r=1724445848 HTTP/1.1\r\nHost: comlmntrdsrenow.life\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 463cfc3bbde9973cdb449541470d22f9=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 23 Aug 2024 20:44:08 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://breofartex.trenulahhgehrtewrs.life/?utm_medium=195a7a84693f9dd6d1851d0f90faeef0e8a443c8\u0026utm_campaign=smsep\u00261=1104\u00262=8d3f8391987f9e86e1d1eb950beddfe486e68ad2\u0026cid=8d3f8391987f9e86e1d1eb950beddfe486e68ad2\r\nset-cookie: 2b2ff3d8093f080571fd2b1137a82984=1; expires=Sat, 24-Aug-2024 20:44:08 GMT; Max-Age=86400; path=/; domain=comlmntrdsrenow.life\nae1f964c26c81c1c64f5560b164c0d12=8d3f8391987f9e86e1d1eb950beddfe486e68ad2; expires=Sat, 24-Aug-2024 20:44:08 GMT; Max-Age=86400; path=/; domain=comlmntrdsrenow.life\r\nvary: User-Agent\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=0UO8rVMb6L1wnIVxacsWoYUZY0DMqZUhCNLw%2FyYi7A0kPvi3%2FEc8CMIcltmsgU3PTkfw2SEM%2FbFIANyF6lpxEeRmvFZPmY92z0Rx88syz0VLm5wl7mLBOhb40F4Hw%2FAzJPmMYZDT%2BA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8b7df059cc42b527-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":6767,"size_decoded":6767,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3","md5":"e5fd659ba3c1bd1ac44e4ccb6ab34566","sha1":"a779d3b58427c9ed82ef3e0dc278ddda278eb195","sha256":"b79d0392429368dad58bc29f26edcef1550472f0149d8fec1e827332e2103add","sha512":"a0474cbd8549cc7d9f0762139b5729ee550e7143075716c488ac4efdb9e47138ae200d0ff163a11e538a56f3e13057ffcd62db7bc1e7942913609f864f29a0b9","ssdeep":"192:qEznhBTtw9X3L5LdahOIMc37A3uaEVyYXV:qEW3lZaf43uazc","tlshash":"0bd19eba32c45971c4ac597f73a08797718077665526e314acdabeb4002ebf5ba4a301","first_seen":"2024-08-23T16:34:15Z","last_seen":"2024-08-29T18:08:07.477072Z","times_seen":32,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-08-23","alert":"Sinkholed","trigger":"comlmntrdsrenow.life","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.primarkingfun.giving/?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985","fqdn":"www.primarkingfun.giving","domain":"primarkingfun.giving","tld":"giving"},"ip":{"addr":"51.68.85.158","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:10.291204238Z","timestamp":1724445850291,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985 HTTP/1.1\r\nHost: www.primarkingfun.giving\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://breofartex.trenulahhgehrtewrs.life/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Fri, 23 Aug 2024 20:44:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-transform\r\nAccept-CH: Sec-CH-UA-Platform-Version\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":4350,"size_decoded":4350,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (3495)","md5":"98ce329a1691e9f57c993c5a5eae2e3a","sha1":"96fce46e56be1c20868398dc1f3c5c9b1d1dce62","sha256":"89acdcbcbabd4a25c0cc0d61e46255f7ffddf2c2dbb0f8cb8bd952c264de54f9","sha512":"8e2a1c18ce763e4d26ad0f28333c3f4aa904b4dd536741d811a90626f2a80c232c681d3908029004c1727cfd5779dd8bf0d0cf3f2160d47976026826debb2a30","ssdeep":"96:LF50AYhVP8VxflqA+uSTaLkYn2N2T0jre1GEOTeLLi3mjGH+R2WmhoN7u:5uAYhVPwqA+uS3HoTPVlLLi3mjGHgmcu","tlshash":"2f91214565d2a900226ba6735e5a72e6eca30d8a2ce55405f08d55242f18f3fee733fc","first_seen":"2024-08-29T18:05:43.643883Z","last_seen":"2024-08-29T18:05:43.643883Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.primarkingfun.giving/?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985\u0026eyeg=81e84cfa7b59413822c4e0060f75ea2d\u0026eyer=0.7490556500465474\u0026eyei=0\u0026eyew=1280\u0026eyeh=1024\u0026eyetd=220\u0026eyef=breofartex.trenulahhgehrtewrs.life","fqdn":"www.primarkingfun.giving","domain":"primarkingfun.giving","tld":"giving"},"ip":{"addr":"51.68.85.158","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:10.489Z","timestamp":1724445850489,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.primarkingfun.giving","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Jul 2024 08:31:37 GMT","end":"Sun, 27 Oct 2024 08:31:36 GMT"},"fingerprint":{"sha1":"FC:1A:9E:3A:41:73:8E:A7:4B:F5:52:96:56:46:7C:12:B7:B1:09:95","sha256":"FC:46:8C:A9:2A:98:10:F3:4C:CC:31:28:B5:18:AC:E3:AE:A9:9F:E3:82:2F:50:22:DF:10:FC:FC:AC:60:B1:5C"}}},"request":{"raw":"GET /?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985\u0026eyeg=81e84cfa7b59413822c4e0060f75ea2d\u0026eyer=0.7490556500465474\u0026eyei=0\u0026eyew=1280\u0026eyeh=1024\u0026eyetd=220\u0026eyef=breofartex.trenulahhgehrtewrs.life HTTP/1.1\r\nHost: www.primarkingfun.giving\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Fri, 23 Aug 2024 20:44:10 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-transform\r\nLocation: https://www.primarkingfun.giving/?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985\u0026eyeg=3\u0026eyer=0.7490556500465474\u0026eyei=0\u0026eyew=1280\u0026eyeh=1024\u0026eyetd=220\u0026eyef=breofartex.trenulahhgehrtewrs.life\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.primarkingfun.giving/?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985\u0026eyeg=3\u0026eyer=0.7490556500465474\u0026eyei=0\u0026eyew=1280\u0026eyeh=1024\u0026eyetd=220\u0026eyef=breofartex.trenulahhgehrtewrs.life","fqdn":"www.primarkingfun.giving","domain":"primarkingfun.giving","tld":"giving"},"ip":{"addr":"51.68.85.158","port":443,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:10.527Z","timestamp":1724445850527,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"www.primarkingfun.giving","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Jul 2024 08:31:37 GMT","end":"Sun, 27 Oct 2024 08:31:36 GMT"},"fingerprint":{"sha1":"FC:1A:9E:3A:41:73:8E:A7:4B:F5:52:96:56:46:7C:12:B7:B1:09:95","sha256":"FC:46:8C:A9:2A:98:10:F3:4C:CC:31:28:B5:18:AC:E3:AE:A9:9F:E3:82:2F:50:22:DF:10:FC:FC:AC:60:B1:5C"}}},"request":{"raw":"GET /?sl=5827987-2afce\u0026pub_click_id=M7406438525194731611\u0026site=23985-a16242fd-b55cda9a\u0026pub_sub_id=23985\u0026eyeg=3\u0026eyer=0.7490556500465474\u0026eyei=0\u0026eyew=1280\u0026eyeh=1024\u0026eyetd=220\u0026eyef=breofartex.trenulahhgehrtewrs.life HTTP/1.1\r\nHost: www.primarkingfun.giving\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Fri, 23 Aug 2024 20:44:10 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-transform\r\nLocation: https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1\u0026publisher_id=441\u0026network_id=5\u0026click_id=33000bf76e37b7ce4b876d04a7c7f57614ec80823-202408-flb*5827987-2afce**sl_5827987-2afce*6d8ee39f8164a5c2d9808344840723267ac1f9f0**\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.primarkingfun.giving/favicon.ico","fqdn":"www.primarkingfun.giving","domain":"primarkingfun.giving","tld":"giving"},"ip":{"addr":"51.68.85.158","port":0,"asn":16276,"as":"OVH SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:10.695410344Z","timestamp":1724445850695,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.primarkingfun.giving\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 204 No Content\r\nDate: Fri, 23 Aug 2024 20:44:10 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1\u0026publisher_id=441\u0026network_id=5\u0026click_id=33000bf76e37b7ce4b876d04a7c7f57614ec80823-202408-flb*5827987-2afce**sl_5827987-2afce*6d8ee39f8164a5c2d9808344840723267ac1f9f0**","fqdn":"admoustache.aftrad-visit.com","domain":"aftrad-visit.com","tld":"com"},"ip":{"addr":"104.26.6.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:10.565Z","timestamp":1724445850565,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aftrad-visit.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Jul 2024 23:03:23 GMT","end":"Tue, 29 Oct 2024 23:03:22 GMT"},"fingerprint":{"sha1":"8F:3C:E4:D5:71:51:53:30:5C:B1:AB:EE:0D:C2:CF:1C:EF:48:D9:18","sha256":"C9:62:BF:FC:A7:53:81:EB:49:9C:77:67:32:A8:87:2E:3F:5D:9F:5A:DC:93:C8:B7:28:3F:84:58:6E:E9:E5:ED"}}},"request":{"raw":"GET /track/smartlink?smartlink_id=1\u0026publisher_id=441\u0026network_id=5\u0026click_id=33000bf76e37b7ce4b876d04a7c7f57614ec80823-202408-flb*5827987-2afce**sl_5827987-2afce*6d8ee39f8164a5c2d9808344840723267ac1f9f0** HTTP/1.1\r\nHost: admoustache.aftrad-visit.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 23 Aug 2024 20:44:10 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 202\r\nlocation: https://t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8\u0026d=65ce2e32e492740f6e0cacf0\u0026pid=204RJ7QYUNTE1jii1UMXxRd73YYoNDUKooYh1fAYW8JnuNeUUpyH428TNcjkSPvZbsqCdS\u0026s=1B7fmUHKE\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8sWonfc2dSs3Fw%2FMuLCRJp82omaRWmTtE2tUPEW%2FCb3KE9z3e5EF%2FTnWA1WDk85%2BfzpMoSi2udTaKXEmJtntRkbNJlg7fZu0ekkXpG58NvAkZ9cbLgnD2kK7LU5KFxJphKifHNV1lKaJ1Q7g9e4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8b7df0667de00b59-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":202,"size_decoded":202,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"13cb2191715f4a5bb8dbeff1f47ffff3","sha1":"cea4b71ed416b1c838413ee5d4c48591dbb000a1","sha256":"d99149064fa2ae422ac768bf5b317f1de19e2b08c5cfd539829cdf413ea5581c","sha512":"9d2f8eee6a8800ec277269b57f8d390039385645436cf70e90875e58d5058b15fbb79772fc4e290a9737b3c1c4ca3ff8bcbe3a47d5425dd674a4f2f1af9cb535","ssdeep":"","tlshash":"77d0235dc5d4c44c4be45d7c105013d8129603c7f5305d2450751d016e467d54114566","first_seen":"2024-08-29T18:05:43.645599Z","last_seen":"2024-08-29T18:05:43.645599Z","times_seen":1,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":75,"dns":48,"connect":1,"send":0,"wait":115,"receive":1,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:11.071503717Z","timestamp":1724445851071,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"868C5B1E36A3096EA4D05E0BFA6FFFB23E6A33CFD7B67037E26AE453EE03244D\"\r\nLast-Modified: Fri, 23 Aug 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=1203\r\nExpires: Fri, 23 Aug 2024 21:04:14 GMT\r\nDate: Fri, 23 Aug 2024 20:44:11 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"48744f63914974aab966fc2e8cda3a86","sha1":"552dbedbd13dcee321d1c6cf3cf826d6c90108c0","sha256":"868c5b1e36a3096ea4d05e0bfa6fffb23e6a33cfd7b67037e26ae453ee03244d","sha512":"7795e87cb0b0eb2c10eea248c447042e7775525a24367ea27de05bddecab5d82d0ae096e66ce548de49e591c4bda7dd5f565523d7a58d1946a89a521ff644f44","ssdeep":"","tlshash":"73f00e991154fa801e6804b9e8fac9be0a1429fc18441e96ca8801e3bc227ac2308a09","first_seen":"2024-08-23T17:49:28Z","last_seen":"2024-08-29T18:07:38.995348Z","times_seen":36,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8\u0026d=65ce2e32e492740f6e0cacf0\u0026pid=204RJ7QYUNTE1jii1UMXxRd73YYoNDUKooYh1fAYW8JnuNeUUpyH428TNcjkSPvZbsqCdS\u0026s=1B7fmUHKE","fqdn":"t3.blowingwnd.com","domain":"blowingwnd.com","tld":"com"},"ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:10.763Z","timestamp":1724445850763,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"burned-koala.landingtrack.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Jul 2024 06:45:46 GMT","end":"Tue, 29 Oct 2024 06:45:45 GMT"},"fingerprint":{"sha1":"70:42:5E:0F:64:91:3E:7F:8D:DA:24:98:21:FB:81:09:98:C3:65:9F","sha256":"3B:47:6F:9B:C3:C6:57:29:3D:FE:B3:A9:59:C0:2B:1A:E5:D7:48:A5:D1:F8:CE:50:B5:03:20:92:CF:EB:42:1E"}}},"request":{"raw":"GET /l.php?p=c:btrsnl901aaqozhg8\u0026d=65ce2e32e492740f6e0cacf0\u0026pid=204RJ7QYUNTE1jii1UMXxRd73YYoNDUKooYh1fAYW8JnuNeUUpyH428TNcjkSPvZbsqCdS\u0026s=1B7fmUHKE HTTP/1.1\r\nHost: t3.blowingwnd.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:11 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nRound: 13oes905nr\r\nRaund: 313\r\nLocation: https://go.savethereef.xyz/redirect?feed=642698\u0026url=t3.blowingwnd.com\u0026subid=1B7fmUHKE\u0026query=\u0026pub_clickid=66c8f49b5bc985019d64eb49\u0026default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":714,"timings":{"blocked":309,"dns":111,"connect":93,"send":0,"wait":95,"receive":0,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:11.832352849Z","timestamp":1724445851832,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C387135F5F21105D9594EC67A9B602A7B208BC2AECAE25A21D5340C88FA7ECDB\"\r\nLast-Modified: Fri, 23 Aug 2024 14:40:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4488\r\nExpires: Fri, 23 Aug 2024 21:58:59 GMT\r\nDate: Fri, 23 Aug 2024 20:44:11 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c1115ce70bc13abfe5265cd4c7c43f44","sha1":"91b1793949f256dcee0737c7e1623e9eea9ef720","sha256":"c387135f5f21105d9594ec67a9b602a7b208bc2aecae25a21d5340c88fa7ecdb","sha512":"69e815c950e48354f49b90904aa07b9ce6fabc22a5c99620fb19924adf04591affc46aba1fef4387e7b58da1a79ffc010eec0aaeb53ae877d13a0e123e970992","ssdeep":"","tlshash":"d7f00e9b3210ade146280a26eeb3dc6f2b543db75d5020c342c507fc3c1039c664030f","first_seen":"2024-08-23T22:44:39Z","last_seen":"2024-08-29T18:05:43.647236Z","times_seen":41,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.savethereef.xyz/redirect?feed=642698\u0026url=t3.blowingwnd.com\u0026subid=1B7fmUHKE\u0026query=\u0026pub_clickid=66c8f49b5bc985019d64eb49\u0026default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D","fqdn":"go.savethereef.xyz","domain":"savethereef.xyz","tld":"xyz"},"ip":{"addr":"198.134.116.30","port":443,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:11.176Z","timestamp":1724445851176,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"savethereef.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jul 2024 06:41:50 GMT","end":"Wed, 23 Oct 2024 06:41:49 GMT"},"fingerprint":{"sha1":"D1:B5:82:7A:E7:A2:9D:0F:D2:54:DF:FF:5B:26:25:DB:CD:59:D5:EA","sha256":"82:5D:73:82:98:F1:6C:B0:84:1D:D9:65:C2:B8:19:CE:57:12:44:66:10:34:8A:FA:98:2E:92:BC:2F:3B:24:DF"}}},"request":{"raw":"GET /redirect?feed=642698\u0026url=t3.blowingwnd.com\u0026subid=1B7fmUHKE\u0026query=\u0026pub_clickid=66c8f49b5bc985019d64eb49\u0026default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP/1.1\r\nHost: go.savethereef.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:12 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nLocation: https://t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0\u0026d=653c9411464a4419c012ddb2\u0026s=642698\u0026d2=t3.blowingwnd.com\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":2181,"timings":{"blocked":932,"dns":63,"connect":293,"send":0,"wait":316,"receive":0,"ssl":575},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:12.678540523Z","timestamp":1724445852678,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C505242654AC215FFE3AE7F62D25CA04BB6DBB64826E166E3EFD56B200D06088\"\r\nLast-Modified: Fri, 23 Aug 2024 14:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19234\r\nExpires: Sat, 24 Aug 2024 02:04:46 GMT\r\nDate: Fri, 23 Aug 2024 20:44:12 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"eb25127a34c3ca7f3c0939983ae09687","sha1":"be8824fb1694b751b0e44273c6760973c4f84ab2","sha256":"c505242654ac215ffe3ae7f62d25ca04bb6dbb64826e166e3efd56b200d06088","sha512":"81314003de7311a9947672eade8517ff34f89fc2255dc42fb1ed5aa31f82ea24a34ce03a30579c2b9b8a932062a55ce262bd72c6488899ba7b71b5f96181e9f8","ssdeep":"","tlshash":"7ff005e1296825801a150e3e9df6d71b4b346a78288a6c8551f445e278127e8930d22c","first_seen":"2024-08-23T22:44:39Z","last_seen":"2024-08-29T18:05:43.647791Z","times_seen":36,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t1.hightid.com/r.php?p=c:s_8942pgf_9qrwlx0\u0026d=653c9411464a4419c012ddb2\u0026s=642698\u0026d2=t3.blowingwnd.com","fqdn":"t1.hightid.com","domain":"hightid.com","tld":"com"},"ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:12.432Z","timestamp":1724445852432,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"burned-koala.landingtrack.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Jul 2024 06:45:46 GMT","end":"Tue, 29 Oct 2024 06:45:45 GMT"},"fingerprint":{"sha1":"70:42:5E:0F:64:91:3E:7F:8D:DA:24:98:21:FB:81:09:98:C3:65:9F","sha256":"3B:47:6F:9B:C3:C6:57:29:3D:FE:B3:A9:59:C0:2B:1A:E5:D7:48:A5:D1:F8:CE:50:B5:03:20:92:CF:EB:42:1E"}}},"request":{"raw":"GET /r.php?p=c:s_8942pgf_9qrwlx0\u0026d=653c9411464a4419c012ddb2\u0026s=642698\u0026d2=t3.blowingwnd.com HTTP/1.1\r\nHost: t1.hightid.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:12 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nRound: 12mw6ufnb4\r\nRaund: 2zt\r\nLocation: https://go.savethereef.xyz/redirect?feed=465513\u0026url=https%3A%2F%2Fwww.twtch.co%2F\u0026subid=custom_10utabg6hk.no.linux.firefox\u0026query=642698\u0026pub_clickid=66c8f49c3cfc9b048c403949\u0026default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":589,"timings":{"blocked":246,"dns":38,"connect":98,"send":0,"wait":98,"receive":1,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.savethereef.xyz/redirect?feed=465513\u0026url=https%3A%2F%2Fwww.twtch.co%2F\u0026subid=custom_10utabg6hk.no.linux.firefox\u0026query=642698\u0026pub_clickid=66c8f49c3cfc9b048c403949\u0026default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D","fqdn":"go.savethereef.xyz","domain":"savethereef.xyz","tld":"xyz"},"ip":{"addr":"198.134.116.30","port":443,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:12.787Z","timestamp":1724445852787,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"savethereef.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jul 2024 06:41:50 GMT","end":"Wed, 23 Oct 2024 06:41:49 GMT"},"fingerprint":{"sha1":"D1:B5:82:7A:E7:A2:9D:0F:D2:54:DF:FF:5B:26:25:DB:CD:59:D5:EA","sha256":"82:5D:73:82:98:F1:6C:B0:84:1D:D9:65:C2:B8:19:CE:57:12:44:66:10:34:8A:FA:98:2E:92:BC:2F:3B:24:DF"}}},"request":{"raw":"GET /redirect?feed=465513\u0026url=https%3A%2F%2Fwww.twtch.co%2F\u0026subid=custom_10utabg6hk.no.linux.firefox\u0026query=642698\u0026pub_clickid=66c8f49c3cfc9b048c403949\u0026default_url=https%3A%2F%2Ft10.lowtid.com%2Fs.php%3Fp%3Dc%3A5mklge2tsml349y_c%26d%3D655744eb46c1f060291a7ac7%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D%26d1%3D%7Bquery%7D HTTP/1.1\r\nHost: go.savethereef.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:13 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nLocation: https://t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c\u0026d=655744eb46c1f060291a7ac7\u0026s=du.465513\u0026d2=www.twtch.co\u0026d1=642698\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:13.24560332Z","timestamp":1724445853245,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"9FC00A7A12C7A6782E867D65EE9EEDC0FA5245AD112C863EA32D70D5813F758A\"\r\nLast-Modified: Fri, 23 Aug 2024 14:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2595\r\nExpires: Fri, 23 Aug 2024 21:27:28 GMT\r\nDate: Fri, 23 Aug 2024 20:44:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"bc573f84bddc6cba9f9d251a245b88e4","sha1":"7d1ff2bdcb09b73bf78b23afa196105a6b0eb301","sha256":"9fc00a7a12c7a6782e867d65ee9eedc0fa5245ad112c863ea32d70d5813f758a","sha512":"4eaa2c57d975cb089eecdbc04b9feb9431438ccd523f4239a883d81eca3617e44511aa17d2cb871bae8341ceaf9721d9da5cde02da8953d2ceba1272eb9b8549","ssdeep":"","tlshash":"92f00e46ae9efd4465f602223af6c2a99f04de9d2c18a0e022a052d12c0cbbdc784228","first_seen":"2024-08-23T22:44:39Z","last_seen":"2024-08-29T18:05:43.648357Z","times_seen":17,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t10.lowtid.com/s.php?p=c:5mklge2tsml349y_c\u0026d=655744eb46c1f060291a7ac7\u0026s=du.465513\u0026d2=www.twtch.co\u0026d1=642698","fqdn":"t10.lowtid.com","domain":"lowtid.com","tld":"com"},"ip":{"addr":"51.83.143.92","port":443,"asn":16276,"as":"OVH SAS","country":"Poland","country_code":"PL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:13.086Z","timestamp":1724445853086,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lone-star.landingtrack.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Jul 2024 10:21:23 GMT","end":"Thu, 24 Oct 2024 10:21:22 GMT"},"fingerprint":{"sha1":"F7:11:6A:E1:D0:1E:A1:C7:F5:68:39:A1:0F:15:97:B1:DD:37:04:7E","sha256":"99:3A:93:FB:80:E6:C5:AA:5A:22:55:FD:8C:C2:73:07:77:5E:5C:E3:BD:65:1A:62:41:39:F8:47:FE:E0:6A:8C"}}},"request":{"raw":"GET /s.php?p=c:5mklge2tsml349y_c\u0026d=655744eb46c1f060291a7ac7\u0026s=du.465513\u0026d2=www.twtch.co\u0026d1=642698 HTTP/1.1\r\nHost: t10.lowtid.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nRound: 11v0nbww1w\r\nRaund: 36n\r\nLocation: https://t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0\u0026d=63208671784bc04a7b5b1ad6\u0026s=101.du.465513\u0026d1=\u0026d2=du.465513\u0026pid=66c8f49df11c77035532938b\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":160,"dns":40,"connect":52,"send":0,"wait":54,"receive":1,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:13.556587983Z","timestamp":1724445853556,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C505242654AC215FFE3AE7F62D25CA04BB6DBB64826E166E3EFD56B200D06088\"\r\nLast-Modified: Fri, 23 Aug 2024 14:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19233\r\nExpires: Sat, 24 Aug 2024 02:04:46 GMT\r\nDate: Fri, 23 Aug 2024 20:44:13 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"eb25127a34c3ca7f3c0939983ae09687","sha1":"be8824fb1694b751b0e44273c6760973c4f84ab2","sha256":"c505242654ac215ffe3ae7f62d25ca04bb6dbb64826e166e3efd56b200d06088","sha512":"81314003de7311a9947672eade8517ff34f89fc2255dc42fb1ed5aa31f82ea24a34ce03a30579c2b9b8a932062a55ce262bd72c6488899ba7b71b5f96181e9f8","ssdeep":"","tlshash":"7ff005e1296825801a150e3e9df6d71b4b346a78288a6c8551f445e278127e8930d22c","first_seen":"2024-08-23T22:44:39Z","last_seen":"2024-08-29T18:05:43.647791Z","times_seen":36,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t1.lowtid.com/l.php?p=c:8pnojh5wvpo68l3k0\u0026d=63208671784bc04a7b5b1ad6\u0026s=101.du.465513\u0026d1=\u0026d2=du.465513\u0026pid=66c8f49df11c77035532938b","fqdn":"t1.lowtid.com","domain":"lowtid.com","tld":"com"},"ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:13.306Z","timestamp":1724445853306,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"burned-koala.landingtrack.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Jul 2024 06:45:46 GMT","end":"Tue, 29 Oct 2024 06:45:45 GMT"},"fingerprint":{"sha1":"70:42:5E:0F:64:91:3E:7F:8D:DA:24:98:21:FB:81:09:98:C3:65:9F","sha256":"3B:47:6F:9B:C3:C6:57:29:3D:FE:B3:A9:59:C0:2B:1A:E5:D7:48:A5:D1:F8:CE:50:B5:03:20:92:CF:EB:42:1E"}}},"request":{"raw":"GET /l.php?p=c:8pnojh5wvpo68l3k0\u0026d=63208671784bc04a7b5b1ad6\u0026s=101.du.465513\u0026d1=\u0026d2=du.465513\u0026pid=66c8f49df11c77035532938b HTTP/1.1\r\nHost: t1.lowtid.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nRound: 13oeteuvyk\r\nRaund: 312\r\nLocation: https://admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1\u0026publisher_id=622\u0026network_id=5\u0026click_id=66c8f49d9903164af47af234\u0026source=101.du.465513\u0026sub_source=\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":611,"timings":{"blocked":256,"dns":47,"connect":96,"send":0,"wait":97,"receive":1,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"admoustache.aftrad-visit.com/track/smartlink?smartlink_id=1\u0026publisher_id=622\u0026network_id=5\u0026click_id=66c8f49d9903164af47af234\u0026source=101.du.465513\u0026sub_source=","fqdn":"admoustache.aftrad-visit.com","domain":"aftrad-visit.com","tld":"com"},"ip":{"addr":"104.26.6.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:13.668Z","timestamp":1724445853668,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aftrad-visit.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Jul 2024 23:03:23 GMT","end":"Tue, 29 Oct 2024 23:03:22 GMT"},"fingerprint":{"sha1":"8F:3C:E4:D5:71:51:53:30:5C:B1:AB:EE:0D:C2:CF:1C:EF:48:D9:18","sha256":"C9:62:BF:FC:A7:53:81:EB:49:9C:77:67:32:A8:87:2E:3F:5D:9F:5A:DC:93:C8:B7:28:3F:84:58:6E:E9:E5:ED"}}},"request":{"raw":"GET /track/smartlink?smartlink_id=1\u0026publisher_id=622\u0026network_id=5\u0026click_id=66c8f49d9903164af47af234\u0026source=101.du.465513\u0026sub_source= HTTP/1.1\r\nHost: admoustache.aftrad-visit.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 23 Aug 2024 20:44:13 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 202\r\nlocation: https://t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8\u0026d=65ce2e32e492740f6e0cacf0\u0026pid=204SBB1CNyZGJ9jHEAgMLwzZxXAf5tTVAkSTHsaEzGvCmHeoQa8d43jVvmsJEti2UdNdE4\u0026s=1B4fmUHSm\r\nreferrer-policy: no-referrer\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=PS2zqNSbcZoqlGtXIb%2BATpDI2%2BnHY30bAnsOmAbOYJHnuFllK1uxiU17bUKM5HQIj4NWMVGoN0%2BR56lmNZj9Db0lOgzg6%2Bykw82KpDLu2HlqEB1n02CFI%2BA8OxDpmRPY4S1rOhY7lrZaDyYyVko%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8b7df0796b2c0b59-OSL\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":202,"size_decoded":202,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"e317a86b38c11433c776a9a5eb204a6a","sha1":"8e8c0d926e96baaecf563c5284dd051b7baa18a9","sha256":"0c5e76f88eae17faa5ad999f20c5162f6be5f1f29bf787f0886ec6179205dafa","sha512":"a89452fcf098330585a4297ffa9feecc136400500e3bb2ab6b2b73463ec550f0440b0ce6204d248fcfc97c168aefbaec05b628b02a47b98693e3bd0cbdd31108","ssdeep":"","tlshash":"53d023e942d9144e0b640a3871b0114012550bd7f930d55d70d33645b9c5676c01024f","first_seen":"2024-08-29T18:05:43.648923Z","last_seen":"2024-08-29T18:05:43.648923Z","times_seen":1,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":58,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t3.blowingwnd.com/l.php?p=c:btrsnl901aaqozhg8\u0026d=65ce2e32e492740f6e0cacf0\u0026pid=204SBB1CNyZGJ9jHEAgMLwzZxXAf5tTVAkSTHsaEzGvCmHeoQa8d43jVvmsJEti2UdNdE4\u0026s=1B4fmUHSm","fqdn":"t3.blowingwnd.com","domain":"blowingwnd.com","tld":"com"},"ip":{"addr":"51.161.115.163","port":443,"asn":16276,"as":"OVH SAS","country":"Canada","country_code":"CA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:13.733Z","timestamp":1724445853733,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"burned-koala.landingtrack.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 31 Jul 2024 06:45:46 GMT","end":"Tue, 29 Oct 2024 06:45:45 GMT"},"fingerprint":{"sha1":"70:42:5E:0F:64:91:3E:7F:8D:DA:24:98:21:FB:81:09:98:C3:65:9F","sha256":"3B:47:6F:9B:C3:C6:57:29:3D:FE:B3:A9:59:C0:2B:1A:E5:D7:48:A5:D1:F8:CE:50:B5:03:20:92:CF:EB:42:1E"}}},"request":{"raw":"GET /l.php?p=c:btrsnl901aaqozhg8\u0026d=65ce2e32e492740f6e0cacf0\u0026pid=204SBB1CNyZGJ9jHEAgMLwzZxXAf5tTVAkSTHsaEzGvCmHeoQa8d43jVvmsJEti2UdNdE4\u0026s=1B4fmUHSm HTTP/1.1\r\nHost: t3.blowingwnd.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:13 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nRound: 13oes905nr\r\nRaund: 313\r\nLocation: https://go.savethereef.xyz/redirect?feed=642698\u0026url=t3.blowingwnd.com\u0026subid=1B4fmUHSm\u0026query=\u0026pub_clickid=66c8f49de8e1af60c1443175\u0026default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"go.savethereef.xyz/redirect?feed=642698\u0026url=t3.blowingwnd.com\u0026subid=1B4fmUHSm\u0026query=\u0026pub_clickid=66c8f49de8e1af60c1443175\u0026default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D","fqdn":"go.savethereef.xyz","domain":"savethereef.xyz","tld":"xyz"},"ip":{"addr":"198.134.116.30","port":443,"asn":27257,"as":"WEBAIR-INTERNET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:13.838Z","timestamp":1724445853838,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"savethereef.xyz","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Jul 2024 06:41:50 GMT","end":"Wed, 23 Oct 2024 06:41:49 GMT"},"fingerprint":{"sha1":"D1:B5:82:7A:E7:A2:9D:0F:D2:54:DF:FF:5B:26:25:DB:CD:59:D5:EA","sha256":"82:5D:73:82:98:F1:6C:B0:84:1D:D9:65:C2:B8:19:CE:57:12:44:66:10:34:8A:FA:98:2E:92:BC:2F:3B:24:DF"}}},"request":{"raw":"GET /redirect?feed=642698\u0026url=t3.blowingwnd.com\u0026subid=1B4fmUHSm\u0026query=\u0026pub_clickid=66c8f49de8e1af60c1443175\u0026default_url=https%3A%2F%2Ft1.hightid.com%2Fr.php%3Fp%3Dc%3As_8942pgf_9qrwlx0%26d%3D653c9411464a4419c012ddb2%26s%3D%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP/1.1\r\nHost: go.savethereef.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:14 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nLocation: https://ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T08:47:05.766455Z","times_seen":13367613,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-23T20:44:14.215531841Z","timestamp":1724445854215,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"C3D31BB4E7886F24CB65C124A8C14547A5093F3A09B62E21793D307386F30E9A\"\r\nLast-Modified: Fri, 23 Aug 2024 14:39:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9494\r\nExpires: Fri, 23 Aug 2024 23:22:28 GMT\r\nDate: Fri, 23 Aug 2024 20:44:14 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"940ffdd20422807cd4322dbfa0ae7d2c","sha1":"891ef2bc5cc9a8ebda0c3f5c1fa8ff397f8e845b","sha256":"c3d31bb4e7886f24cb65c124a8c14547a5093f3a09b62e21793d307386f30e9a","sha512":"f50a41888e8d9433f53c7d5b6ba21ab54c90677d26677c2d9b0360fa0c5e9a82c50aaa92b14b2089200c8295c405b96c43397e47448c315be0eacbe6c60c5b37","ssdeep":"","tlshash":"b2f095d16a1a7d54491444695deb907baa257d953cc545e7a2f401f7ec267e8520000d","first_seen":"2024-08-23T22:44:39Z","last_seen":"2024-08-29T18:05:43.649921Z","times_seen":11,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON","fqdn":"ss.uakarisigneur.com","domain":"uakarisigneur.com","tld":"com"},"ip":{"addr":"23.109.170.189","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-23T20:44:14.124Z","timestamp":1724445854124,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ss.uakarisigneur.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 13 Aug 2024 22:24:26 GMT","end":"Mon, 11 Nov 2024 22:24:25 GMT"},"fingerprint":{"sha1":"C5:B7:5D:FC:68:FF:3C:58:F1:F8:A4:71:16:EE:11:AB:B4:DE:3E:99","sha256":"DB:0D:7C:C3:E0:A9:2E:1D:E3:77:17:01:FA:03:D8:FB:96:27:38:4E:0E:40:B1:F6:70:81:05:B7:B0:C1:7E:E9"}}},"request":{"raw":"GET /i5JZ0W4vBiA/MoeON HTTP/1.1\r\nHost: ss.uakarisigneur.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:14 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nAccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nSet-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 24-Aug-2024 20:44:14 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 24-Aug-2024 20:44:14 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":61,"size_decoded":52,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"86733bb66fb84b851592d733e51f0cbd","sha1":"42eaf19a5ca195667a9212b0ea3557eee76954a8","sha256":"927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d","sha512":"a8c4b7ea33487c8308d0700e573367d976b4a0407719089157679ebb8ce14168fb8825f798ac5aaa4b14892c5cc22a6468491fb776ab8b0dc29218628f1fcaa8","ssdeep":"","tlshash":"c99002d55c01c1289cf0094418e2b15c090886541806d48070c09db509503959c22585","first_seen":"2024-01-18T20:18:28Z","last_seen":"2026-04-05T08:41:01.208884Z","times_seen":9358,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":102,"dns":46,"connect":18,"send":0,"wait":22,"receive":2,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ss.uakarisigneur.com/favicon.ico","fqdn":"ss.uakarisigneur.com","domain":"uakarisigneur.com","tld":"com"},"ip":{"addr":"23.109.170.189","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON","date":"2024-08-23T20:44:14.696Z","timestamp":1724445854696,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_128_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ss.uakarisigneur.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 13 Aug 2024 22:24:26 GMT","end":"Mon, 11 Nov 2024 22:24:25 GMT"},"fingerprint":{"sha1":"C5:B7:5D:FC:68:FF:3C:58:F1:F8:A4:71:16:EE:11:AB:B4:DE:3E:99","sha256":"DB:0D:7C:C3:E0:A9:2E:1D:E3:77:17:01:FA:03:D8:FB:96:27:38:4E:0E:40:B1:F6:70:81:05:B7:B0:C1:7E:E9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ss.uakarisigneur.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ss.uakarisigneur.com/i5JZ0W4vBiA/MoeON\r\nCookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 23 Aug 2024 20:44:14 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1406\r\nLast-Modified: Thu, 22 Aug 2024 09:26:51 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=20\r\nETag: \"66c7045b-57e\"\r\nExpires: Sat, 24 Aug 2024 20:44:14 GMT\r\nCache-Control: max-age=86400\r\nStrict-Transport-Security: max-age=1\r\nX-Content-Type-Options: nosniff\r\nAccept-Ranges: bytes\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1406,"size_decoded":1406,"mime_type":"application/octet-stream","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-04-05T08:05:54.349808Z","times_seen":19343,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}