{"report_id":"ce6c59f9-2026-4711-8996-e5a44816fa84","version":6,"status":"done","tags":[],"date":"2026-04-15T07:14:31Z","url":{"schema":"http","addr":"theokanegroup.com","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"final":{"url":{"schema":"https","addr":"theokanegroup.com/","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"title":"Amazon Pris Tracker","dom":{"size":107174,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (966)","md5":"c390d431fc209b5f026ff5f2e14efa3a","sha1":"8b65d50581257aec7d909c7b811de0f976c204b9","sha256":"d554f03e30c6c2991241eb3e7918919e8c538f523272695003e0db9eb6dd99c1","sha512":"84b3f863841842a2e92e511d19218b9d4b49f3e22c284f57fd235193a44ddbc67e8ad945b3c2d350498ca5b0da3f7cb19fcd5738b11a6856de10bbc74968c935","ssdeep":"3072:V1/TC0cHjDY3Mv4KsTXDwonWEIxD0X6Os:V1/TCxmWaqOs","tlshash":"6ba3199cd8b282505c3777c4369b070e3778900bf546c8dd7aadc1aa5f9c8aad1b7e48","dom_hash":"domhash7cf9f18ca48db9b080d2ce9f6565c9f8","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"theokanegroup.com","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":0,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-20T07:14:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-15T07:14:10Z","timestamp":1776237250,"ip_dst":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":55118,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI","source":"{\"timestamp\":\"2026-04-15T07:14:10.281041+0000\",\"flow_id\":1430274487497646,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.26\",\"src_port\":55118,\"dest_ip\":\"104.26.0.100\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2039595,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI\",\"category\":\"Device Retrieving External IP Address Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2022_10_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2025_04_17\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_10_28\"]}},\"tls\":{\"sni\":\"get.geojs.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":914,\"bytes_toclient\":3507,\"start\":\"2026-04-15T07:14:10.275374+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-12T22:20:19.752051Z","alert_count":0,"request_count":1,"received_data":11870,"sent_data":504,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-12T22:16:45.621325Z","alert_count":0,"request_count":5,"received_data":165409,"sent_data":2753,"comment":"","tags":null,"fingerprints":null},{"fqdn":"theokanegroup.com","ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":35,"request_count":7,"received_data":1427475,"sent_data":3368,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"get.geojs.io","ip":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-18","domain_rank":99948,"first_seen":"2017-03-30T18:44:25Z","last_seen":"2026-04-08T23:58:07.184928Z","alert_count":0,"request_count":1,"received_data":1224,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"theokanegroup.com/","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"introduction_type":"scriptElement","is_inline":true,"md5":"49e86681978821b740b23ef9f96faa9a","sha1":"ddefd0b847cf88e9b53e0926320b4e3b2a453d78","sha256":"e2b0945d580fbfb13a128df9a3c3a6ebc3196a4d7d7f7307b7f8dc89f6ef9c18","sha512":"ad00f730394536b14f4ae3fce7891522dda9cb1fc2e3e8ea6dd36833bb063f241056ea2383a47a5137f09b19fd51297481d88723d08880a980520ef49a538983","ssdeep":"1536:McHjDw/3Zuv4K7S8ijvmILDwjcnWEIxD0pFD2O1:McHjDY3Mv4KsTXDwonWEIxD0X6O1","tlshash":"165306ecc871d7504d323788748b060e373d911bf9a5a8d9797cc4ab2b5c82ed2b6e58","size":62693,"data":"","first_seen":"2026-04-15T07:14:37.123374Z","last_seen":"2026-04-15T07:14:52.165835Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://theokanegroup.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7824\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 11 Apr 2026 01:49:29 GMT\r\nexpires: Sun, 11 Apr 2027 01:49:29 GMT\r\ncache-control: public, max-age=31536000\r\nage: 365081\r\nlast-modified: Mon, 15 Sep 2025 16:34:56 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7824,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7824, version 1.0","md5":"af4d371a10271dafeb343f1eace762bc","sha1":"6d11d743bc3cfb169d70bc86450f18351dc1a905","sha256":"60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2","sha512":"98e1d4804a31f0ec40307bb02d7af0e25e1a01f2d0f69676cd55f97f64a8d50ecfd5be05525956c4a80bf0d98810badbb08acb2927cd78963bcdde9f96e25ba1","ssdeep":"192:SvrCMV0T6yUN1NfKPtAqGFNL2kshO5YwMg9eSnUK:SvV0T6pNzSPtCrhsCYwMqeSnUK","tlshash":"44f1ae6ff6ea226ff944537dbc50108431224f92b94f11b61d2b126a77e87c8620b2a9","first_seen":"2023-04-06T18:33:44Z","last_seen":"2026-04-19T10:08:56.137158Z","times_seen":22566,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":108,"dns":0,"connect":7,"send":0,"wait":14,"receive":1,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://theokanegroup.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 514098\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-19T10:30:38.916068Z","times_seen":146937,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":109,"dns":6,"connect":20,"send":0,"wait":21,"receive":6,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/Amazon_Refund_App_Video.mp4","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET /Amazon_Refund_App_Video.mp4 HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=1802240-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:10 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 16171\r\nlast-modified: Tue, 07 Apr 2026 16:01:55 GMT\r\netag: \"69d52a73-1bbf2b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-range: bytes 1802240-1818410/1818411\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16171,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"0e28b1e2d189fb2c929e9d56a0825c30","sha1":"e674abe6bc862dc4512e18ef26cb684664bebf7e","sha256":"749ac1790c35ad6e55f00a8a77486e0098433acd28399d0e22591bd1236029bc","sha512":"e3a5da1059772935661447518fd52f132df5c364fbb2d904a887e0cb4e6f80b0b1989267ba49f0bd5062df6da1d8c86e6fe0608fae00d28dadcb22caf91ebd59","ssdeep":"384:zRTU6CViuCH7StO+n6tmrm8qX/urUM/cgqGmVGt2gmvJo:zlCUuCH7/mqgUTgnTf","tlshash":"e9726cd1a3680c06d665223894d207257b34e8b87ae7c3cb8bd2e27d5d137c89f5a4db","first_seen":"2026-04-15T07:14:37.102174Z","last_seen":"2026-04-15T07:14:52.157166Z","times_seen":2,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/favicon.ico","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:10 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T10:23:19.677194Z","times_seen":13930759,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/2.jpg","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:09.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET /2.jpg HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 186073\r\nlast-modified: Tue, 07 Apr 2026 16:01:59 GMT\r\netag: \"69d52a77-2d6d9\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":186073,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 784x1168, components 3","md5":"d95ea31a973315fc9105d2b3f3df9125","sha1":"1d5c49123f09fb81880e0ba1cedcc1251599552e","sha256":"55cf9a4578c0ff1c1b3d7c29c80a286bf6039a3613d0ba81876b61e095fed06f","sha512":"0dccbd1f58d9119bf4ab90c70dcd959c15221a8be742fdd907a40622306a9c30980716cf1031f76d9adfa129997adeb53e2ead0bdb6186c6af516f861d1d2f5c","ssdeep":"3072:5wb8JwgHD7LPT897M4mboB1ZE23Id614yxojINYd60OUo542/5tEVMYUphSCZNWD:5woJr38yejE7dlyy09z424e5phSCJNil","tlshash":"1104223a9f2213a9da53c5fd7ec2790450e895630f809e6b13a21b30c1cfdee76694e5","first_seen":"2026-04-15T07:14:37.106627Z","last_seen":"2026-04-15T07:14:52.134341Z","times_seen":2,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":175,"receive":131,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/Amazon_Refund_App_Video.mp4","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:09.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET /Amazon_Refund_App_Video.mp4 HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:09 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 1818411\r\nlast-modified: Tue, 07 Apr 2026 16:01:55 GMT\r\netag: \"69d52a73-1bbf2b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-range: bytes 0-1818410/1818411\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":413776,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"3ee7f662fceff6695dfdad337934f931","sha1":"4ad17b060efd4857c1171f68fb067e7bcf6b5f81","sha256":"220f365b327ce2a87f25a6395711634a8ce08762859804b5271b186214722b71","sha512":"71e0902458bfc75895a1d8277321fb2ab169d479f7c8bcb08f6df8bd2606f3ec0120ad683d3954711566df8fc9547913d7933960d178e809b05f4b34baee7e8e","ssdeep":"12288:UGRBShkQXVe18bgNQTYKnfTCPx+PuQDWI/Sx5g9pssG:RRik18bJMULCK7/SxKpsr","tlshash":"ac9423aab882490fdbecad5d93dac1628d73908ccd40db5923d824502d76fb1930bf39","first_seen":"2026-04-15T07:14:37.109708Z","last_seen":"2026-04-15T07:14:37.109708Z","times_seen":1,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":147,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://theokanegroup.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 514098\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-19T10:30:38.916068Z","times_seen":146937,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":105,"dns":1,"connect":21,"send":0,"wait":13,"receive":10,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://theokanegroup.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 514098\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-19T10:30:38.916068Z","times_seen":146937,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":213,"dns":1,"connect":39,"send":0,"wait":8,"receive":3,"ssl":164},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://theokanegroup.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7816\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 11 Apr 2026 02:12:26 GMT\r\nexpires: Sun, 11 Apr 2027 02:12:26 GMT\r\ncache-control: public, max-age=31536000\r\nage: 363704\r\nlast-modified: Mon, 15 Sep 2025 16:35:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7816,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7816, version 1.0","md5":"25b0e113ca7cce3770d542736db26368","sha1":"cb726212d5d525021752a1d8470a0fb593e0c49e","sha256":"9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526","sha512":"a0d331e62ab4727f49ca286a1ee7fb81cddc5bb9edf71ef84f4bd4fa1552069af1a82752011ba88fae80862d034135926b7e99d70e59d626d66d4ede90e94c30","ssdeep":"192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4","tlshash":"a3f1af19d5de5a73f80032b45b6911ba7e42fa83bc68bbedf8046a10ad542cb467cc91","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-04-19T10:28:24.514414Z","times_seen":215377,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":216,"dns":0,"connect":22,"send":0,"wait":9,"receive":1,"ssl":198},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"get.geojs.io/v1/ip/geo.json","fqdn":"get.geojs.io","domain":"geojs.io","tld":"io"},"ip":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"geojs.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 07:10:51 GMT","end":"Mon, 18 May 2026 08:10:47 GMT"},"fingerprint":{"sha1":"EF:5C:D3:F8:E6:B7:38:CD:CA:46:66:77:FC:18:FE:8C:52:3D:67:B9","sha256":"02:D3:72:B3:A3:39:B5:47:16:7B:73:15:97:B5:EF:8E:7B:0A:14:D2:1E:C7:AD:7A:AF:C5:26:23:EB:93:A1:2E"}}},"request":{"raw":"GET /v1/ip/geo.json HTTP/1.1\r\nHost: get.geojs.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://theokanegroup.com/\r\nOrigin: https://theokanegroup.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 15 Apr 2026 07:14:10 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\ncache-control: max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-request-id: 5127267a436f17597dfca8b0f7d99d16-ASH\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\ngeojs-backend: ash-01\r\nlast-modified: Wed, 15 Apr 2026 07:14:10 GMT\r\ncf-cache-status: MISS\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4FgOzchhYKBiyInv63UaptmRvdlpImcBO5QZXo2mqqC%2Fqfx390jIsH%2BPLswWQxMwlQ4NHlSuawszJmwFzK8pUHcxA7bFTBOsChAF9bJfwJ%2Bpid0VrkBKyIAS1HXIBg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9ec926de69cac272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":335,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7d18a0d675fcb70787c1704076f1ad4d","sha1":"f5f026a55dfdcaf844c7e7ca230a24a76ce7374c","sha256":"0312e42eeb0e3444d7297c26a2425e6fdf71213da609fe4f1fa08210f6190b3f","sha512":"84e3e34b779541c0c053ae92e0f22bd94830dd9ee06c68e4910a7c146c4ff65949616adbac97917abe00247e5bc6cd96d1d504a914e6cb5e0ffc25354ec751bd","ssdeep":"","tlshash":"29e0d89950fc6e25f82b829e422d4a5b26bd5101c6c964474ef57e18c2806992141b0a","first_seen":"2026-04-08T11:50:04.361305Z","last_seen":"2026-04-19T09:38:45.331547Z","times_seen":248,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":22,"dns":0,"connect":1,"send":0,"wait":117,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/Amazon_Refund_App_Video.mp4","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:10.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET /Amazon_Refund_App_Video.mp4 HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=294912-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:10 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 1523499\r\nlast-modified: Tue, 07 Apr 2026 16:01:55 GMT\r\netag: \"69d52a73-1bbf2b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\ncontent-range: bytes 294912-1818410/1818411\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":540672,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"9fe0bace0b0f742166721ff02317b221","sha1":"cd0389de3a0d8ac57dd19a92e236125dfc015922","sha256":"0a7ead30c8712a0ecd78363c1de979497e17e58bcefa44cd80842e5468c2fa93","sha512":"7525e05166cce4d0fe51524ef7aefda2334fda01ff12612e8b86f69c8a44218b1ddb7f12297847ba5cca2e73bcaf113ad7c1cb65c055f7e45b594ffc6ccf5d6f","ssdeep":"12288:3DWI/Sx5g9pssl13I0xv6NcyGKQUVDACrmtb4H8yzrL4xV5D2:37/SxKpsUBI0YTlmCrmucFVd2","tlshash":"69b423b3d4525e0d99fc0082cf1f6e97452961e92faf981e8b466460f7b9027f809e78","first_seen":"2026-04-15T07:14:37.114148Z","last_seen":"2026-04-15T07:14:37.114148Z","times_seen":1,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-15T07:14:09.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:09 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 25980\r\nlast-modified: Tue, 07 Apr 2026 16:01:56 GMT\r\netag: \"1af6e-64ee0e711538b-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":110446,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (966), with CRLF line terminators","md5":"4bc70e925e059eff27eb37f6fd265b32","sha1":"1c13862fcced5e13436718af637a6e68f451ec96","sha256":"92c435eb7ac9d42597b9d13844445f56b0a96f9bfdef3c3ed6b97256d61bccfb","sha512":"832d7ae390833d7b3b8e7a64fdc13c50a666674284e35112f906a8c439d52c6a3c912dc3183c4cd71c8ab489acd40116ed0f27b6064dc6b0a761087f4efc10cc","ssdeep":"1536:uB6bPGIyIOi5izTgiB4cLMm8KmGn7tlt2MrVT94VDS1s613j2agjRgau1wD02Bnz:MMmF7tltrrZ94lL4iagNgau1wD0mKNa","tlshash":"51b3f7ad987092404c33b3d4aa974b0efb78520bf14645de78bd82ab1fbc864d177e54","first_seen":"2026-04-15T07:14:37.116441Z","last_seen":"2026-04-15T07:14:52.145783Z","times_seen":2,"resource_available":true,"data":null}},"time_used":535,"timings":{"blocked":205,"dns":78,"connect":58,"send":0,"wait":64,"receive":59,"ssl":67},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600\u0026family=Poppins:wght@500;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:09.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:38 GMT","end":"Mon, 15 Jun 2026 08:38:37 GMT"},"fingerprint":{"sha1":"C3:E4:BE:7B:38:DD:F1:59:DC:DF:FA:8A:48:52:C7:1D:D2:BF:F7:5E","sha256":"31:F4:52:B9:AA:C3:06:E9:A3:71:DA:02:A5:63:C9:78:CC:3A:04:07:E1:B4:42:F5:DC:BF:40:0F:BE:3E:6F:9E"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600\u0026family=Poppins:wght@500;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 15 Apr 2026 07:14:10 GMT\r\ndate: Wed, 15 Apr 2026 07:14:10 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11184,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"02b23b6694fbe7fd1a36767ed653313e","sha1":"825049745fd74b1ba4418b128983677f31f11527","sha256":"25f73eafd706bd4afdf95b16e334fcad8fb9a4cea2511f936108a216253279f2","sha512":"3d502455802227f1dd9ef546c8be9879d618a9dcffea339567d986a170abd5cb6f7c9e03aa92c823b079e8409bb075b8c298809a390197ce185c5c259369ce6e","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlMXr3GRzJ/apsn:vXuM0pT","tlshash":"bc32dd92042be400ab871cc223cf7e3abe8e5185a445d1796ffd0cc9acebd66436576d","first_seen":"2026-03-25T22:57:07.409672Z","last_seen":"2026-04-15T07:14:52.149564Z","times_seen":3,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":120,"dns":1,"connect":21,"send":0,"wait":34,"receive":0,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"theokanegroup.com/1.jpg","fqdn":"theokanegroup.com","domain":"theokanegroup.com","tld":"com"},"ip":{"addr":"91.92.241.159","port":443,"asn":0,"as":"","country":"Bulgaria","country_code":"BG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://theokanegroup.com/","date":"2026-04-15T07:14:09.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"theokanegroup.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Apr 2026 14:55:40 GMT","end":"Mon, 06 Jul 2026 14:55:39 GMT"},"fingerprint":{"sha1":"C9:92:D0:D3:92:DF:1F:AA:24:14:27:AC:48:26:71:93:2F:F3:7B:79","sha256":"7E:80:34:89:06:4F:AB:F1:3D:80:99:48:D9:36:2B:4E:11:1D:74:75:DE:B9:2C:6C:61:4E:1B:EC:52:E2:6F:6F"}}},"request":{"raw":"GET /1.jpg HTTP/1.1\r\nHost: theokanegroup.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://theokanegroup.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 07:14:09 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 158226\r\nlast-modified: Tue, 07 Apr 2026 16:01:58 GMT\r\netag: \"69d52a76-26a12\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158226,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 784x1168, components 3","md5":"d730c3c4a8f6063aa5ed254054a68821","sha1":"1852b000e462b8e3c7695bed98337dcbed375ef8","sha256":"ba62f756043da2ef9e9216b4acf16112bdafb97133c4f856cd32a9f565eba736","sha512":"33c5629c4dec85de8dbe1fec73db473bca98941f1ca46a328fe3a0c22727afaa04df36a3f7f6dd260e7435150214cd39eb6d863e15ff955c4efd14d9b2b7f284","ssdeep":"3072:3oEvmnVjEH0zNM5HLrUyic+y+Fy/l32ia4MgQM9zgip54z31kVC:YpmnL+etYXgZ9lpI1kY","tlshash":"5ef312d598dd1ed2ca3131ad42e11b99f2e3b600027edcd82ffa1db09599ac36441af3","first_seen":"2026-04-15T07:14:37.120971Z","last_seen":"2026-04-15T07:14:52.164226Z","times_seen":2,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":239,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-15","alert":"Phishing Block","trigger":"theokanegroup.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"theokanegroup.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}