{"report_id":"cd9fd85d-1efb-4062-b70d-f149a9835d82","version":6,"status":"done","tags":[],"date":"2025-09-13T09:48:14Z","url":{"schema":"http","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.96.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"title":"Register"},"submit":{"url":{"schema":"http","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.96.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-18T09:48:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T09:47:52Z","timestamp":1757756872,"ip_dst":{"addr":"104.21.32.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":59604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.asia domain","source":"{\"timestamp\":\"2025-09-13T09:47:52.922111+0000\",\"flow_id\":211545355763160,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":59604,\"dest_ip\":\"104.21.32.1\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032986,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.asia domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"pretendlinkk25.asia\",\"url\":\"/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"length\":3},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":793,\"bytes_toclient\":837,\"start\":\"2025-09-13T09:47:52.900568+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pretendlinkk25.asia","ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-21","domain_rank":1184740,"first_seen":"2025-09-13T09:48:15.157007Z","last_seen":"2025-09-13T09:48:15.157007Z","alert_count":3,"request_count":12,"received_data":684761,"sent_data":6692,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T09:47:52Z","timestamp":1757756872,"ip_dst":{"addr":"104.21.32.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":59604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.asia domain","source":"{\"timestamp\":\"2025-09-13T09:47:52.922111+0000\",\"flow_id\":211545355763160,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":59604,\"dest_ip\":\"104.21.32.1\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032986,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.asia domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"pretendlinkk25.asia\",\"url\":\"/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"length\":3},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":793,\"bytes_toclient\":837,\"start\":\"2025-09-13T09:47:52.900568+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/js/common.js","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bf6c23341d03cc9b062787bd7169f29e","sha1":"1ca3ebb7affe640d59243354889340d5535ecf1d","sha256":"80b3ebb447c0fe8c6f6f5942b030787ff1652d96edf9c74618e29f8401317df3","sha512":"be4a24f6339d0af62174457ef10e3f663034221e8808c094b6f7530bcd64e6548dab5a2e954bdb3c2a6aa6621d027474e1879c8581935b7697fbc353a0536ad2","ssdeep":"","tlshash":"5a41fe4dbee92d23113ef2690a6fa20be5279013ef5d88407d0e41805b20075599ef8f","size":2064,"data":"","first_seen":"2023-03-07T14:05:37Z","last_seen":"2026-03-05T23:39:38.702979Z","times_seen":234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/js/jquery.min.js","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f832e36068ab203a3f89b1795480d0d7","sha1":"2115753ca5fb7032aec498db7bb5dca624dbe6be","sha256":"4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf","sha512":"b9dbc08c984ae3c7fd44822ec2e9a22cb8cf7da55fa3975dbbdc3f18fd7e7a7793e8d93604826574e3dd6a4f982d7af4f96c1af5e10d847b8394a34a82c398ba","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPmw:ygZm0H5HO5+gCKWZyPmHQ47GKc","tlshash":"b28319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","size":88144,"data":"","first_seen":"2023-03-07T01:24:01Z","last_seen":"2026-04-05T13:45:08.309736Z","times_seen":10363,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/js/dialog.min.js","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"02cb2725d634506d874534d1b98f07c8","sha1":"1508e87a743b1fc505a1e52df60deff6ae559994","sha256":"4ed3837b611cec74e5ec695a27b6a2bf17e8a3b1f59cb031be1a91bd194ff058","sha512":"0fd0794c769318a5b05d405efe59aa2233ad0eb25849669892fddb112960789464039b42a37b377c8d9759aaf522a0f0e52e108f66c396f65f09a1f519e063be","ssdeep":"192:8792uFckSv56nit+FETsYnZpeVbMcMtUqVbMcvwpNDygwNAZPPrxmjp4axgVVHpO:kHC8u6fRVFObkcobwhUi2VHxaLgiz","tlshash":"dcc2322465eb21964a73f83687ab3112f2270013941dfe15397f46580fe4a3876aafe6","size":27740,"data":"","first_seen":"2023-04-15T22:47:07Z","last_seen":"2026-03-17T01:05:08.775948Z","times_seen":64,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T09:47:52.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /index/user/register/invite_code/UWTGLM/lang/en-us.html HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sat, 13 Sep 2025 09:47:52 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: http://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: no-cache,must-revalidate\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n1dYqbY6Z%2Bd5vvyavQxL0ybAUjpj0iN66RF531oEW1d1Z4QdH3j5ex5WA2LyFEJ3tY4JQFpmD0Od101B8fd7mgiKtuVVSCud82nz%2FqtPQYBS\"}]}\r\nset-cookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; HttpOnly; Path=/\nthink_var=en-us; HttpOnly; Path=/; Max-Age=1757843272; Expires=Tue, 27 May 2081 19:35:44 GMT\r\ncf-ray: 97e6b9c508c556a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":36,"dns":11,"connect":1,"send":0,"wait":398,"receive":0,"ssl":21},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T09:47:52Z","timestamp":1757756872,"ip_dst":{"addr":"104.21.32.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":59604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.asia domain","source":"{\"timestamp\":\"2025-09-13T09:47:52.922111+0000\",\"flow_id\":211545355763160,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":59604,\"dest_ip\":\"104.21.32.1\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032986,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.asia domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"pretendlinkk25.asia\",\"url\":\"/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"length\":3},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":793,\"bytes_toclient\":837,\"start\":\"2025-09-13T09:47:52.900568+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T09:47:52.893Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index/user/register/invite_code/UWTGLM/lang/en-us.html HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sat, 13 Sep 2025 09:47:52 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5PRCbeU2fEQ2Zufe%2FdXLeUONE6%2BMz1R0%2BIG%2BMfy%2BiBgGLfQYj87mKsRHYU2kwx5m3Z0JQVFKkcjLLq%2BOMcOJTr0d4hCKPnzjrEgxLovA9gZ8yj4%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 97e6b9c7aa882678-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":9,"dns":6,"connect":1,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T09:47:52Z","timestamp":1757756872,"ip_dst":{"addr":"104.21.32.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":59604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.asia domain","source":"{\"timestamp\":\"2025-09-13T09:47:52.922111+0000\",\"flow_id\":211545355763160,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":59604,\"dest_ip\":\"104.21.32.1\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032986,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.asia domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"pretendlinkk25.asia\",\"url\":\"/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"length\":3},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":793,\"bytes_toclient\":837,\"start\":\"2025-09-13T09:47:52.900568+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new7/css/blue.css","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:53.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new7/css/blue.css HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 13 Jun 2025 02:00:49 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jnD%2FG%2B%2Bd227sb5eHkJPuqifQrE%2BJi23rjRAjfoikn4T6XZ%2Ftz98YYeg%2FIMzbiHXhbNb%2FJI1NKwn0vnZlQDHKvrj0AODutYKWORk6a5cAEzgg\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"684b8651-60110\"\r\nexpires: Sat, 13 Sep 2025 21:47:54 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9cd4f5056ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":393488,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (9240)","md5":"eac9aa9d9a74fa30e2e1f014b2973bcc","sha1":"39febb227730c11ff3e59753876d8981ba734f12","sha256":"3c440f987ad9949413b3eaad2eb7ec61f0a6ea878b148901f402229d89dd3ca1","sha512":"c84686f07bb5478e567f236205bb679d803a820f077230a865c980e855e124ecc37daa8088aa3ce9a41eee99785620dd2c897d3f6cf4976aa2555495ef392504","ssdeep":"12288:0TLeLJQmUBA+j6B9DEitUouMuz5xBx0iybO0oUWBBVC:wLePoA+j6B9DEitUouMuz5xBx0iyX","tlshash":"4f840924baab1804b81bc5ec3fad2bc5662411835c4bcd683bc736905f4f1a9b466fdd","first_seen":"2025-09-13T09:48:17.604387Z","last_seen":"2026-03-17T01:05:08.774409Z","times_seen":8,"resource_available":false,"data":null}},"time_used":955,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":392,"receive":563,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/css/public.css","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:53.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new/css/public.css HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:54 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bu6uN%2BOUuG80ul3tbJGWKALOTN5LuiFoEIIFDldh8VmO6Nxe4DchgeeAu3zm2Lr1djfZw7BVoWfohWmJtRE8qcsJET3qaeh1mq4Gv%2F7R8Y6c\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67fb5e1c-3ca5\"\r\nexpires: Sat, 13 Sep 2025 21:47:54 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9cd4f5156ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15525,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b2b846d0e0f57372a9b4d252dd4143f4","sha1":"f63bf79e9f759ec8fe9d4199843bd9669d55561f","sha256":"a1d579a9495948d1864ca859192d92035b0f7a007fb839e89e79ffda2e64bfd5","sha512":"c3312eefa263287019c05226cb4c9a32e2b74904aa1ad3c51307c258dd624d6a5067c0953c09d6c4199a7af80941f4305633f904da5a443e97ca0035bbf8816a","ssdeep":"192:nDS+vyW2AoOQSc2Xy3MO/sITnOe/Kh95TU+eSO/YmDdi2fiwi5rcC5iJiY1i+KWU:UOQiwKZmDdx1gMFEW0DV","tlshash":"9d62febe2dab1140e23fd2300fed2699e628d1536052eeaf31d9548bcf8275436cb385","first_seen":"2023-04-08T00:16:21Z","last_seen":"2026-03-17T01:05:08.779769Z","times_seen":279,"resource_available":false,"data":null}},"time_used":392,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":392,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/js/jquery.min.js","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:53.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new/js/jquery.min.js HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ft8V7oBmA1z9S3doIszh5QbJst0Ncj292elK%2FU84L4mY9PtwLZHCIRImVbTbpbQR2DqYVj68TGDH293zvKpeqatfqM6OQXdVND70yVhk9Nmx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67fb5e1c-15850\"\r\nexpires: Sat, 13 Sep 2025 21:47:54 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9cd4f5256ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":88144,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"f832e36068ab203a3f89b1795480d0d7","sha1":"2115753ca5fb7032aec498db7bb5dca624dbe6be","sha256":"4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf","sha512":"b9dbc08c984ae3c7fd44822ec2e9a22cb8cf7da55fa3975dbbdc3f18fd7e7a7793e8d93604826574e3dd6a4f982d7af4f96c1af5e10d847b8394a34a82c398ba","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPmw:ygZm0H5HO5+gCKWZyPmHQ47GKc","tlshash":"b28319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","first_seen":"2023-03-07T01:24:01Z","last_seen":"2026-04-05T13:45:08.309736Z","times_seen":10363,"resource_available":true,"data":null}},"time_used":598,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":403,"receive":195,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new7/imgs/public/b-left.png","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:53.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new7/imgs/public/b-left.png HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:54 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uZZev9I0siHyotDsIds9uPDbAyRBuhOLiWea0jrMzulK4lTNpEF17pzNgtB6sETi9NZ1q20yVVUfLjw4rX42trPko6DTQ%2BjQZEW1j6T%2FqqPp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67fb5e1c-b33\"\r\nexpires: Mon, 13 Oct 2025 09:47:54 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9cd4f5556ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2867,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced","md5":"08c04d1cb44e4d8d3a7d10de9a7528fb","sha1":"5ce4369a03667a1b923fb9d24c81ac17b6c5eee0","sha256":"22af32d565e8d02451ede74c1a2caaec67b9d3756cd12d7a5f7b8056a7711064","sha512":"38e053a3670af6ae80abdafb0627c136f2c411438bd8e34c940576661d567e7a150369fc8158d9fff221faf806fe3df5bb20d32b692ee409f05415f86e7afb9b","ssdeep":"","tlshash":"fc513b3a6210a24cc50294565c33dd7cbf364d9c85e74660eac1dbae4869eb701b739b","first_seen":"2025-09-13T09:48:17.61227Z","last_seen":"2025-11-07T07:29:32.648421Z","times_seen":3,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":398,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T09:47:52.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /index/user/register/invite_code/UWTGLM/lang/en-us.html HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 Moved Permanently\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QyRsm5AcVXzjyMDIrqm3gH9mqneB6u7GxS0HKa0Mk6Axv%2BEw1GjrgHlw9dxru%2BQSGUZzHKdBpRpCMyFRZ5uPVuVrrEmdklkAuH4FQxLJgjOO\"}]}\r\nset-cookie: think_var=en-us; HttpOnly; Path=/; Max-Age=1757843273; Expires=Tue, 27 May 2081 19:35:46 GMT\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: no-cache,must-revalidate\r\nlocation: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 97e6b9c7cf2256ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-09-13T09:47:52Z","timestamp":1757756872,"ip_dst":{"addr":"104.21.32.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.9","port":59604,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.asia domain","source":"{\"timestamp\":\"2025-09-13T09:47:52.922111+0000\",\"flow_id\":211545355763160,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":59604,\"dest_ip\":\"104.21.32.1\",\"dest_port\":80,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2032986,\"rev\":1,\"signature\":\"ET INFO HTTP Request to a *.asia domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_05_18\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_05_18\"]}},\"http\":{\"hostname\":\"pretendlinkk25.asia\",\"url\":\"/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"redirect\":\"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM/lang/en-us.html\",\"length\":3},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":793,\"bytes_toclient\":837,\"start\":\"2025-09-13T09:47:52.900568+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T09:47:53.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /index/user/register/invite_code/UWTGLM.html HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hX7HOQICGFdSpE8WRAA6qSub2wMsSxTUDV7xnSN%2B4Ml49TloQCH4b9YRb0DWT3N3HXPBib3SMQe9k3vxusz42H5X5LAn0wUmbJ3%2FcVst6lL1\"}]}\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 97e6b9c94f3456ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24280,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (16793)","md5":"92681bdc2ee89ba2f85b939b95fad02c","sha1":"b980e5d548df8cd3e5b49dc0e26c08c566106dcc","sha256":"89d6d18fc2073c41f8fe93daffb87ea231963a3dcd42b29645721a71cd86aaac","sha512":"46aac2de5d19ccc492148c3e644e5a34574cd713e67a798170fd446e8364c02afebca2ef1fe35dea9794059236c702f1fdcf26448c9c4622e8320475a527cb1f","ssdeep":"384:JzJ9/Mfak10StijP9yxhrdT4XIML49ubpJZyR1ku2fG:JzJ9/MSkmj+PcIML4Wp2r","tlshash":"e7b24cb460572c0b166384b52dab3b192c37d50f8d0aed007f9ea3a06fd5e64b552bec","first_seen":"2025-09-13T09:48:17.614592Z","last_seen":"2025-09-13T09:48:17.614592Z","times_seen":1,"resource_available":false,"data":null}},"time_used":404,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/js/dialog.min.js","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:53.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new/js/dialog.min.js HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IANzvyDLT1ebQDIReYGXg%2FIvRcxCjvU3VrhQV85IKFHMXfz2OBYyvrqf4%2FEp8e7nFc2ClGyHWVCQXxlcm6OKbS4pDfm6krZpHsUj7jQcJEIO\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67fb5e1c-6cf6\"\r\nexpires: Sat, 13 Sep 2025 21:47:53 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9cd4f5356ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27894,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"02cb2725d634506d874534d1b98f07c8","sha1":"1508e87a743b1fc505a1e52df60deff6ae559994","sha256":"4ed3837b611cec74e5ec695a27b6a2bf17e8a3b1f59cb031be1a91bd194ff058","sha512":"0fd0794c769318a5b05d405efe59aa2233ad0eb25849669892fddb112960789464039b42a37b377c8d9759aaf522a0f0e52e108f66c396f65f09a1f519e063be","ssdeep":"192:8792uFckSv56nit+FETsYnZpeVbMcMtUqVbMcvwpNDygwNAZPPrxmjp4axgVVHpO:kHC8u6fRVFObkcobwhUi2VHxaLgiz","tlshash":"dcc2322465eb21964a73f83687ab3112f2270013941dfe15397f46580fe4a3876aafe6","first_seen":"2023-04-15T22:47:07Z","last_seen":"2026-03-17T01:05:08.775948Z","times_seen":64,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":196,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new/js/common.js","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:53.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new/js/common.js HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wcNwE%2B3%2FNX9AR%2BnwpNXtxd7lmaUGhsadq8lXnz4Y2o9wTPTGi63WkFIALYIcNb7hn2TdPvExfhFtgMDzNDSkgWortOrnH5OJM01qS%2F0DwZQG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67fb5e1c-810\"\r\nexpires: Sat, 13 Sep 2025 21:47:54 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9cd4f5456ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2064,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"bf6c23341d03cc9b062787bd7169f29e","sha1":"1ca3ebb7affe640d59243354889340d5535ecf1d","sha256":"80b3ebb447c0fe8c6f6f5942b030787ff1652d96edf9c74618e29f8401317df3","sha512":"be4a24f6339d0af62174457ef10e3f663034221e8808c094b6f7530bcd64e6548dab5a2e954bdb3c2a6aa6621d027474e1879c8581935b7697fbc353a0536ad2","ssdeep":"","tlshash":"5a41fe4dbee92d23113ef2690a6fa20be5279013ef5d88407d0e41805b20075599ef8f","first_seen":"2023-03-07T14:05:37Z","last_seen":"2026-03-05T23:39:38.702979Z","times_seen":234,"resource_available":true,"data":null}},"time_used":387,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":387,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/static_new7/imgs/login/login-bg.png","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:54.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /static_new7/imgs/login/login-bg.png HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/static_new7/css/blue.css\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:55 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=on0QiRN7Eecw7YqceF6LTesFWGn5qn7YB9Ulvg2GsfOmmFsF%2FWRnK0qtx%2FxDD2nOuknjCD6RW617feUNS3N4ircQ2v%2BSyv4sq1%2Fh%2FdFNA8zm\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67fb5e1c-6dd6\"\r\nexpires: Mon, 13 Oct 2025 09:47:55 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\ncf-ray: 97e6b9d3bf8456ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28118,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 1624, 8-bit/color RGBA, non-interlaced","md5":"0c094a265c90f63a6e40f9b651367756","sha1":"244fb096518d96df45cd4c51c3196489afbb336e","sha256":"d39a36882961682f60d4ada915a878f9dad2fcabee0602d2a7f2697bc021f132","sha512":"b695cef867cae097d9a8f84071ab6e5437832b7fa2a3b48380111697a18e0ff7c721b18e09ae4176b0512cb80e86ba1604afb78e079d8bc531aa388e39fa6544","ssdeep":"192:o8sIQRdqncNvqNgIhsGhsGhsGhsGhsGhsGhsGhsGhsGhsGhaGhsGhsGhsGhsGhsA:IZT8","tlshash":"04c28490e33a517a3546995872cae9530a80fe772048cf720adbee6e1633f78dc71d16","first_seen":"2025-09-13T09:48:17.619235Z","last_seen":"2026-03-17T01:05:08.778833Z","times_seen":8,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":401,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pretendlinkk25.asia/favicon.ico","fqdn":"pretendlinkk25.asia","domain":"pretendlinkk25.asia","tld":"asia"},"ip":{"addr":"104.21.32.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html","date":"2025-09-13T09:47:54.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pretendlinkk25.asia","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 17 Aug 2025 14:40:10 GMT","end":"Sat, 15 Nov 2025 14:36:38 GMT"},"fingerprint":{"sha1":"4A:57:CA:AA:AF:B5:7F:1E:A8:8C:A4:E8:FB:CC:03:18:B8:1B:CC:44","sha256":"C8:FA:28:C3:E8:07:14:AB:6A:56:10:9A:03:89:5E:E1:BD:0E:52:C0:CB:A3:CA:6F:1A:1B:D6:1E:B4:08:D9:70"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pretendlinkk25.asia\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pretendlinkk25.asia/index/user/register/invite_code/UWTGLM.html\r\nCookie: s6cf44f8a=gnbkud29us6n9t37nggrc1ifdp; think_var=en-us\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 09:47:55 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Sun, 13 Apr 2025 06:47:56 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C92MNOy%2BN1W8pdjPdFe%2BB2ttqwtJqADkOE0N%2FVk1fhqlhDkJBjHBqcFbKoU9v3qU3QMhrPUDrQvHELgCQ%2BwwYB9oV3IVRpgqJ%2F34eG8pRR1h\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"67fb5e1c-52f6\"\r\ncf-ray: 97e6b9d4af8a56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21238,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 64x64, 32 bits/pixel","md5":"13d3575261a908defce36e7c5e2f4736","sha1":"090c1adb1847327dcc5e17d0dd6c5c854404a1df","sha256":"9b7d56e89806661029e2051be3c6953eb62efaa58bcdc262cfa00fad2b34b594","sha512":"05c75bc9c8fc392779c467ac537ef8d0fc345a81ce4dbbb962ed1eccbbc0ef988c1aa49bdeffe0ee103347f84b76ea7a85181f1f6c4fe660c325f10f3548f761","ssdeep":"192:7hf4HWak/tDPpHk4ua5WtBbLHIDdHAwlzG1Lfma/WsmjRxLgXNOK:lA2vxE4ua05oBhtfrsARxLcOK","tlshash":"52924a423858c919dc554f3944b3caa92eabbc41fd90b95778c4bf0f263b6c3506993a","first_seen":"2025-09-13T09:48:17.621839Z","last_seen":"2026-03-17T01:05:08.781711Z","times_seen":8,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":389,"receive":189,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}