{"report_id":"cf1a7809-6d61-4ec1-9872-9b4eaf0e243f","version":6,"status":"done","tags":[],"date":"2025-11-03T16:42:52Z","url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.181","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"title":"Suspected phishing site | Cloudflare","dom":{"size":4090,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (396)","md5":"f4ba132b461497a5f451a6c3ad4c0c2b","sha1":"61a39850ddc20dc54cd23f8a0e6b48021b045630","sha256":"ef64103e1d59903a4748f76534162ab593df107054859412835fb550873db113","sha512":"678bdfee863e783f4cd00c0c93759870734e4331a14483f34892cb8b8fd46be7f4fa661822a3be32ad789f0f79fa1aa59fef92e4750ad649ec0169c55df71519","ssdeep":"","tlshash":"d1815263bafd103e119391b2a6bdb70939a1c007caa6499036bcc2751f4ef92ad532c5","dom_hash":"domhashcd9e1064290e3760e4e259032029bd11","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWwgY2xhc3M9Im5vLWpzIiBsYW5nPSJlbi1VUyI+PCEtLTwhW2VuZGlmXS0tPjxoZWFkPgogIDx0aXRsZT5TdXNwZWN0ZWQgcGhpc2hpbmcgc2l0ZSB8IENsb3VkZmxhcmU8L3RpdGxlPgogIDxtZXRhIGNoYXJzZXQ9IlVURi04Ij4KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPgo8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UiPgo8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9Im5vaW5kZXgsIG5vZm9sbG93Ij4KPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCxpbml0aWFsLXNjYWxlPTEiPgo8bGluayByZWw9InN0eWxlc2hlZXQiIGlkPSJjZl9zdHlsZXMtY3NzIiBocmVmPSIvY2RuLWNnaS9zdHlsZXMvY2YuZXJyb3JzLmNzcyI+CjwhLS1baWYgbHQgSUUgOV0+PGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBpZD0nY2Zfc3R5bGVzLWllLWNzcycgaHJlZj0iL2Nkbi1jZ2kvc3R5bGVzL2NmLmVycm9ycy5pZS5jc3MiIC8+PCFbZW5kaWZdLS0+CjxzdHlsZT5ib2R5e21hcmdpbjowO3BhZGRpbmc6MH08L3N0eWxlPgoKCjwhLS1baWYgZ3RlIElFIDEwXT48IS0tPgo8c2NyaXB0PgogIGlmICghbmF2aWdhdG9yLmNvb2tpZUVuYWJsZWQpIHsKICAgIHdpbmRvdy5hZGRFdmVudExpc3RlbmVyKCdET01Db250ZW50TG9hZGVkJywgZnVuY3Rpb24gKCkgewogICAgICB2YXIgY29va2llRWwgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY29va2llLWFsZXJ0Jyk7CiAgICAgIGNvb2tpZUVsLnN0eWxlLmRpc3BsYXkgPSAnYmxvY2snOwogICAgfSkKICB9Cjwvc2NyaXB0Pgo8IS0tPCFbZW5kaWZdLS0+CgogIDxzY3JpcHQgc3JjPSJodHRwczovL2NoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20vdHVybnN0aWxlL3YwL2FwaS5qcyIgYXN5bmM9IiIgZGVmZXI9IiI+PC9zY3JpcHQ+CiAgPHNjcmlwdD4KICAgIGZ1bmN0aW9uIG9uVHVybnN0aWxlU3VjY2Vzcyh0b2tlbikgewogICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiYnlwYXNzLWJ1dHRvbiIpLmRpc2FibGVkID0gZmFsc2U7CiAgICB9CiAgPC9zY3JpcHQ+CjwvaGVhZD4KCjxib2R5PgogIDxkaXYgaWQ9ImNmLXdyYXBwZXIiPgogICAgPGRpdiBjbGFzcz0iY2YtYWxlcnQgY2YtYWxlcnQtZXJyb3IgY2YtY29va2llLWVycm9yIiBpZD0iY29va2llLWFsZXJ0IiBkYXRhLXRyYW5zbGF0ZT0iZW5hYmxlX2Nvb2tpZXMiPlBsZWFzZSBlbmFibGUKICAgICAgY29va2llcy4KICAgIDwvZGl2PgogICAgPGRpdiBpZD0iY2YtZXJyb3ItZGV0YWlscyIgY2xhc3M9ImNmLWVycm9yLWRldGFpbHMtd3JhcHBlciI+CiAgICAgIDxkaXYgY2xhc3M9ImNmLXNlY3Rpb24gY2Ytd3JhcHBlciIgc3R5bGU9Im1hcmdpbi10b3A6IDEwMHB4O21hcmdpbi1ib3R0b206MjAwcHg7Ij4KICAgICAgICA8ZGl2IGNsYXNzPSJjZi1jb2x1bW5zIG9uZSI+CiAgICAgICAgICA8ZGl2IGNsYXNzPSJjZi1jb2x1bW4iPgogICAgICAgICAgICA8aDQgY2xhc3M9ImNmLXRleHQtZXJyb3IiPjxpIGNsYXNzPSJjZi1pY29uLWV4Y2xhbWF0aW9uLXNpZ24iIHN0eWxlPSJiYWNrZ3JvdW5kLXNpemU6IDE4cHg7CiAgICAgICAgICAgICAgaGVpZ2h0OiAxOHB4OwogICAgICAgICAgICAgIHdpZHRoOiAxOHB4OwogICAgICAgICAgICAgIG1hcmdpbi1ib3R0b206IDJweDsiPjwvaT4gV2FybmluZzwvaDQ+CgogICAgICAgICAgICAKICAgICAgICAgICAgPGgyIHN0eWxlPSJtYXJnaW46IDE2cHggMDsiPlN1c3BlY3RlZCBQaGlzaGluZzwvaDI+CiAgICAgICAgICAgIDxzdHJvbmc+VGhpcyB3ZWJzaXRlIGhhcyBiZWVuIHJlcG9ydGVkIGZvciBwb3RlbnRpYWwgcGhpc2hpbmcuPC9zdHJvbmc+CiAgICAgICAgICAgIDxwPlBoaXNoaW5nIGlzIHdoZW4gYSBzaXRlIGF0dGVtcHRzIHRvIHN0ZWFsIHNlbnNpdGl2ZSBpbmZvcm1hdGlvbiBieSBmYWxzZWx5IHByZXNlbnRpbmcgYXMgYSBzYWZlIHNvdXJjZS4KICAgICAgICAgICAgPC9wPgogICAgICAgICAgICAKICAgICAgICAgICAgPGZvcm0gYWN0aW9uPSIvY2RuLWNnaS9waGlzaC1ieXBhc3MiIG1ldGhvZD0iR0VUIiBlbmN0eXBlPSJ0ZXh0L3BsYWluIiBzdHlsZT0ibWFyZ2luLXRvcDogMTJweDsiPgogICAgICAgICAgICAgIAogICAgICAgICAgICAgIDxhIGhyZWY9Imh0dHBzOi8vd3d3LmNsb3VkZmxhcmUuY29tL2xlYXJuaW5nL2FjY2Vzcy1tYW5hZ2VtZW50L3BoaXNoaW5nLWF0dGFjay8iIGNsYXNzPSJjZi1idG4iIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiAjNDA0MDQwOyBjb2xvcjogI2ZmZjsgYm9yZGVyOiAwOyI+TGVhcm4gTW9yZTwvYT4KICAgICAgICAgICAgICAKCiAgICAgICAgICAgICAgCiAgICAgICAgICAgIDwvZm9ybT4KICAgICAgICAgIDwvZGl2PgogICAgICAgIDwvZGl2PgogICAgICA8L2Rpdj48IS0tIC8uc2VjdGlvbiAtLT4KICAgICAgPGRpdiBpZD0idHMtYmxvY2tzIiBzdHlsZT0iZGlzcGxheTpub25lOyI+PC9kaXY+CiAgICAgIDxkaXYgY2xhc3M9ImNmLWVycm9yLWZvb3RlciBjZi13cmFwcGVyIHctMjQwIGxnOnctZnVsbCBweS0xMCBzbTpweS00IHNtOnB4LTggbXgtYXV0byB0ZXh0LWNlbnRlciBzbTp0ZXh0LWxlZnQgYm9yZGVyLXNvbGlkIGJvcmRlci0wIGJvcmRlci10IGJvcmRlci1ncmF5LTMwMCI+CiAgICA8cCBjbGFzcz0idGV4dC0xMyI+CiAgICAgIDxzcGFuIGNsYXNzPSJjZi1mb290ZXItaXRlbSBzbTpibG9jayBzbTptYi0xIj5DbG91ZGZsYXJlIFJheSBJRDogPHN0cm9uZyBjbGFzcz0iZm9udC1zZW1pYm9sZCI+OTk4ZDUzM2Q3YTJlNTZjNzwvc3Ryb25nPjwvc3Bhbj4KICAgICAgPHNwYW4gY2xhc3M9ImNmLWZvb3Rlci1zZXBhcmF0b3Igc206aGlkZGVuIj7igKI8L3NwYW4+CiAgICAgIDxzcGFuIGlkPSJjZi1mb290ZXItaXRlbS1pcCIgY2xhc3M9ImNmLWZvb3Rlci1pdGVtIHNtOmJsb2NrIHNtOm1iLTEiPgogICAgICAgIFlvdXIgSVA6CiAgICAgICAgPGJ1dHRvbiB0eXBlPSJidXR0b24iIGlkPSJjZi1mb290ZXItaXAtcmV2ZWFsIiBjbGFzcz0iY2YtZm9vdGVyLWlwLXJldmVhbC1idG4iPkNsaWNrIHRvIHJldmVhbDwvYnV0dG9uPgogICAgICAgIDxzcGFuIGNsYXNzPSJoaWRkZW4iIGlkPSJjZi1mb290ZXItaXAiPjkxLjkwLjQyLjE1NDwvc3Bhbj4KICAgICAgICA8c3BhbiBjbGFzcz0iY2YtZm9vdGVyLXNlcGFyYXRvciBzbTpoaWRkZW4iPuKAojwvc3Bhbj4KICAgICAgPC9zcGFuPgogICAgICA8c3BhbiBjbGFzcz0iY2YtZm9vdGVyLWl0ZW0gc206YmxvY2sgc206bWItMSI+PHNwYW4+UGVyZm9ybWFuY2UgJmFtcDsgc2VjdXJpdHkgYnk8L3NwYW4+IDxhIHJlbD0ibm9vcGVuZXIgbm9yZWZlcnJlciIgaHJlZj0iaHR0cHM6Ly93d3cuY2xvdWRmbGFyZS5jb20vNXh4LWVycm9yLWxhbmRpbmciIGlkPSJicmFuZF9saW5rIiB0YXJnZXQ9Il9ibGFuayI+Q2xvdWRmbGFyZTwvYT48L3NwYW4+CiAgICAgIAogICAgPC9wPgogICAgPHNjcmlwdD4oZnVuY3Rpb24oKXtmdW5jdGlvbiBkKCl7dmFyIGI9YS5nZXRFbGVtZW50QnlJZCgiY2YtZm9vdGVyLWl0ZW0taXAiKSxjPWEuZ2V0RWxlbWVudEJ5SWQoImNmLWZvb3Rlci1pcC1yZXZlYWwiKTtiJiYiY2xhc3NMaXN0ImluIGImJihiLmNsYXNzTGlzdC5yZW1vdmUoImhpZGRlbiIpLGMuYWRkRXZlbnRMaXN0ZW5lcigiY2xpY2siLGZ1bmN0aW9uKCl7Yy5jbGFzc0xpc3QuYWRkKCJoaWRkZW4iKTthLmdldEVsZW1lbnRCeUlkKCJjZi1mb290ZXItaXAiKS5jbGFzc0xpc3QucmVtb3ZlKCJoaWRkZW4iKX0pKX12YXIgYT1kb2N1bWVudDtkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyJiZhLmFkZEV2ZW50TGlzdGVuZXIoIkRPTUNvbnRlbnRMb2FkZWQiLGQpfSkoKTs8L3NjcmlwdD4KICA8L2Rpdj48IS0tIC8uZXJyb3ItZm9vdGVyIC0tPgoKICAgIDwvZGl2PjwhLS0gLyNjZi1lcnJvci1kZXRhaWxzIC0tPgogIDwvZGl2PjwhLS0gLyNjZi13cmFwcGVyIC0tPgoKICA8c2NyaXB0PgogICAgd2luZG93Ll9jZl90cmFuc2xhdGlvbiA9IHt9OwogICAgCiAgICAKICA8L3NjcmlwdD4KCgo8L2JvZHk+PC9odG1sPg=="}},"submit":{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"172.66.44.181","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-08T16:42:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-03T16:42:29Z","timestamp":1762188149,"ip_dst":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":59644,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)","source":"{\"timestamp\":\"2025-11-03T16:42:29.230184+0000\",\"flow_id\":628404641946263,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":59644,\"dest_ip\":\"188.114.97.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2057746,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_11_20\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_11_20\"]}},\"tls\":{\"sni\":\"products-refun49173602.pages.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":934,\"bytes_toclient\":3582,\"start\":\"2025-11-03T16:42:29.219799+0000\"}}"}],"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev/hhkruu.html","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"products-refun49173602.pages.dev","ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-09-02","domain_rank":0,"first_seen":"2025-11-01T17:40:04.608697Z","last_seen":"2025-11-01T17:40:04.608697Z","alert_count":30,"request_count":6,"received_data":37094,"sent_data":2620,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2025-11-02T22:17:11.427094Z","alert_count":0,"request_count":2,"received_data":99761,"sent_data":811,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-11-03T16:42:29Z","timestamp":1762188149,"ip_dst":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":59644,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)","source":"{\"timestamp\":\"2025-11-03T16:42:29.230184+0000\",\"flow_id\":628404641946263,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":59644,\"dest_ip\":\"188.114.97.1\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2057746,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_11_20\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_11_20\"]}},\"tls\":{\"sni\":\"products-refun49173602.pages.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":934,\"bytes_toclient\":3582,\"start\":\"2025-11-03T16:42:29.219799+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab1ac4cf0f484cc9f859c0a7983353e0","sha1":"2da142b1135bd10cdbed4a7353e4483acc30ebe9","sha256":"50e878a18b2b5be7071dc7c10297381bcfcb55f17c27760ee857af9e31133324","sha512":"9e2901fe2c4505797cbc7d3853280cb3450188bd0cba66ffe5c8055687578c849b31a74c6b56881bb07c195217e9604a88ba6995a4275419ca076424ebe88b0a","ssdeep":"","tlshash":"73d0a72677ee14a8129bb031154e2705212180024002870d7a1c92359fe0e2708259e3","size":210,"data":"","first_seen":"2023-03-07T01:03:09Z","last_seen":"2026-04-03T18:30:05.167503Z","times_seen":346127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"34df99ef0602560c811e58e4711c99e3","sha1":"88dea8841635da3e1130ce19e3718ceb17a95a35","sha256":"18a52fd2cc16c86bcba28796b0e231144f219cc87e049c41d9d378b880a42fba","sha512":"df8104390e5066c45a916d84fbfe2f754d6a94cf429dd6cf62e207193f298db51f17567e50c87bc2842e2a0888ed75fc564066ec863dfcbf9b4362b9bcc8a7bc","ssdeep":"","tlshash":"ebb0929f218316b4179e3a76d02a43667620501244199800fd1ca6948f9195a808bd4d","size":115,"data":"","first_seen":"2025-04-28T14:01:07.115316Z","last_seen":"2026-04-03T18:30:05.168185Z","times_seen":118962,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"56df91490fa1984fa82b297dcb23c22d","sha1":"2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9","sha256":"275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24","sha512":"537ac565ea049803015a3b15881913d8179eafc11f95ac99dfe0ee842ac3d496ea3c6e1c167274357b7443e32ea9efab72400b95798479c5a5c81c9aabc88e8b","ssdeep":"","tlshash":"bbe0dfbbbb192e3906efa67771aee74a3676c091acc05560092ccc940b3fec4d03a1d4","size":375,"data":"","first_seen":"2023-03-07T01:03:09Z","last_seen":"2026-04-03T18:32:03.558622Z","times_seen":395388,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"16f6161217e242dffadf4241d174abcc","sha1":"304832d02caf7b8a45ea29c321993d7eba48be67","sha256":"390eefa5af21228aaab4bb7eb68043b2468a645b3c861aaba17b226cc8c05d95","sha512":"886e6c321c801fa26a1363e65eb9ddd6f15617044d57f2b458d235cb396119dbc35e216178258e47ed6a73ad9a6f558e12605621bb3bae8e463c56ae6f9f6d18","ssdeep":"","tlshash":"869004534011730005710337175555403335501310314c0437cdc1153f51f57cf05340","size":46,"data":"","first_seen":"2025-03-04T09:24:28.966015Z","last_seen":"2026-04-03T18:31:38.461614Z","times_seen":209497,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eba9f7820c40409c59716be12ee33e39","sha1":"7813932b24d9dbea482f31e212531e5d732275f8","sha256":"ce1490c69bd01a0c8eb1351a5f2565e33f7eaa2a347f7d4cc5dfbf2c5507319b","sha512":"0488e30fe633f6ec6089f9953eeffe437f63bfac317977e2b27a22e7c0ad41c7b90f84e2d2361ae499a4c9cd3a0eb28e7834c79949694bb79c0dd018c518f4c4","ssdeep":"768:1C6jR2KMga+LUU6c9Db69qBuug2Uw5jOyhzVNY1EbV9tGcpfBgQfuWVuY8t:r2Pga+LUU6cRxuX2bhmDt","tlshash":"8e232a583256397226d980e0b17b63437326753ae94ccc50a423d936267cecad233fba","size":49429,"data":"","first_seen":"2025-10-31T18:17:03.300524Z","last_seen":"2025-11-07T16:37:25.743962Z","times_seen":3237,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-03T16:42:29.352Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /hhkruu.html HTTP/1.1\r\nHost: products-refun49173602.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nDate: Mon, 03 Nov 2025 16:42:29 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nReferrer-Policy: same-origin\r\nX-Frame-Options: SAMEORIGIN\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7wYc80mkkjVvLZkc%2BBGgyKxz7Q3kPPZ6DyffdNXgF3bkyIR136lZNgmq6zy1A5o3Axy2m1tEwBi9dxUELcQ1BhQE9qdZpQ6zhIet9SkcLysipsM3V7rKXbSU5bjaDg%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 998d533d7a2e56c7-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4386,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (396)","md5":"b9e5009bbc632f971936a00fe978c9f1","sha1":"5e3a6f5e08cfe958d055320684b332515f1d11fa","sha256":"b60018c4bd4f70ca343ea1265ea2910f0e08d357048012618cbf8afd5d4dc157","sha512":"4997b24715d9f0e56d7613872b6240d26032df0767196633d7c96cfee3d86bb2b74b365cb227ca8f4b73cd83bc71e52ccd378e28fac7da36382635d035fea9ae","ssdeep":"96:fjFj7jOjEHDK/D5DMFGzLeiO/t8G2uvG7RLlvaQxvbzM:fjFj7jOjEjK/VounOVGuvG71lCejzM","tlshash":"c8914266fabd107f20d3917361bd630a7aa1c043da9608907abcc2751f8af95aa131c5","first_seen":"2025-11-03T16:42:56.137441Z","last_seen":"2025-11-03T16:42:56.137441Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev/hhkruu.html","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://products-refun49173602.pages.dev/hhkruu.html","date":"2025-11-03T16:42:29.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 18:59:09 GMT","end":"Wed, 21 Jan 2026 19:59:05 GMT"},"fingerprint":{"sha1":"62:5E:2A:E5:F4:DE:73:E8:94:15:72:65:28:EB:70:25:A8:D2:E7:61","sha256":"2D:41:D6:2B:6A:BB:89:80:01:28:9F:35:0B:2B:F4:6C:0D:B6:B1:E4:7E:E4:AC:35:2A:E0:69:DB:94:45:F7:D3"}}},"request":{"raw":"GET /turnstile/v0/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 03 Nov 2025 16:42:29 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public\r\ncross-origin-resource-policy: cross-origin\r\nlocation: /turnstile/v0/b/e8e65e95f26d/api.js\r\nvary: accept-encoding\r\nserver: cloudflare\r\ncf-ray: 998d533e8cbd723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49429,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":17,"dns":1,"connect":1,"send":0,"wait":4,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://products-refun49173602.pages.dev/hhkruu.html","date":"2025-11-03T16:42:29.554Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1\r\nHost: products-refun49173602.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://products-refun49173602.pages.dev/cdn-cgi/styles/cf.errors.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 03 Nov 2025 16:42:29 GMT\r\nContent-Type: image/png\r\nContent-Length: 452\r\nConnection: keep-alive\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L%2BvhO6qr1NiC0tCU2ZwoXyLVOiklYNc27K7vNkjgOnAnzZa1fSIsVZsOpISvX%2BJ0A5YeY4wY89ephREIES7RptfVmTSyTo7Df6y%2FHygB8dLqZOQwJ7GkJqt67iOfew%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 998d533ebb9d56c7-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":452,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 54 x 54, 8-bit colormap, non-interlaced","md5":"c33de66281e933259772399d10a6afe8","sha1":"b9f9d500f8814381451011d4dcf59cd2d90ad94f","sha256":"f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016","sha512":"5834fb9d66f550e6cecfe484b7b6a14f3fca795405dece8e652bd69ad917b94b6bbdcdf7639161b9c07f0d33eabd3e79580446b5867219f72f4fc43fd43b98c3","ssdeep":"","tlshash":"14f05c45c595e9f5a90330586311ca15ab7701c6276726c9d3854032a456482ca97f86","first_seen":"2023-04-12T19:44:04Z","last_seen":"2026-04-03T18:30:05.149323Z","times_seen":297319,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/b/e8e65e95f26d/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://products-refun49173602.pages.dev/hhkruu.html","date":"2025-11-03T16:42:29.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 18:59:09 GMT","end":"Wed, 21 Jan 2026 19:59:05 GMT"},"fingerprint":{"sha1":"62:5E:2A:E5:F4:DE:73:E8:94:15:72:65:28:EB:70:25:A8:D2:E7:61","sha256":"2D:41:D6:2B:6A:BB:89:80:01:28:9F:35:0B:2B:F4:6C:0D:B6:B1:E4:7E:E4:AC:35:2A:E0:69:DB:94:45:F7:D3"}}},"request":{"raw":"GET /turnstile/v0/b/e8e65e95f26d/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 03 Nov 2025 16:42:29 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Fri, 31 Oct 2025 16:21:43 GMT\r\npriority: u=3,i=?0\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 998d533ee99156ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49429,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (49428)","md5":"eba9f7820c40409c59716be12ee33e39","sha1":"7813932b24d9dbea482f31e212531e5d732275f8","sha256":"ce1490c69bd01a0c8eb1351a5f2565e33f7eaa2a347f7d4cc5dfbf2c5507319b","sha512":"0488e30fe633f6ec6089f9953eeffe437f63bfac317977e2b27a22e7c0ad41c7b90f84e2d2361ae499a4c9cd3a0eb28e7834c79949694bb79c0dd018c518f4c4","ssdeep":"768:1C6jR2KMga+LUU6c9Db69qBuug2Uw5jOyhzVNY1EbV9tGcpfBgQfuWVuY8t:r2Pga+LUU6cRxuX2bhmDt","tlshash":"8e232a583256397226d980e0b17b63437326753ae94ccc50a423d936267cecad233fba","first_seen":"2025-10-31T18:17:03.300524Z","last_seen":"2025-11-07T16:37:25.743962Z","times_seen":3237,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/favicon.ico","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://products-refun49173602.pages.dev/hhkruu.html","date":"2025-11-03T16:42:29.674Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: products-refun49173602.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://products-refun49173602.pages.dev/hhkruu.html\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Mon, 03 Nov 2025 16:42:29 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://products-refun49173602.pages.dev/favicon.ico\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AldiOasot07z1kCspCJ5Q7tPry34I2zkBg%2FIcJ42bgjJeJkj7d0M4CPbtdggMZtc0F3PtUzIusi24q9sGFwkTbDOyNFBVysSdvBYKkOYJ9Ak8NHsYrU54xd%2F6C1S0g%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 998d533f7c6a56c7-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"products-refun49173602.pages.dev/hhkruu.html","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-03T16:42:29.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"products-refun49173602.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 11:54:28 GMT","end":"Tue, 27 Jan 2026 12:53:08 GMT"},"fingerprint":{"sha1":"41:1C:95:84:FC:6E:BE:D3:63:2C:5B:07:24:F5:25:5C:11:E1:18:62","sha256":"81:80:1C:D8:1A:7C:0C:78:C3:BC:61:82:1E:51:5E:C9:69:BA:DC:34:D6:2F:91:7C:98:7A:8A:F5:3B:31:11:5F"}}},"request":{"raw":"GET /hhkruu.html HTTP/1.1\r\nHost: products-refun49173602.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Mon, 03 Nov 2025 16:42:29 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9N0iqgNZZLgklkmViFi3FMohvn3owfneTcWoyXJazowguGt90iLnCXtFrKe%2F%2BbnmwohYQayPAlCkuPnt5NcjwYQJLYmL30TfgcHH5gTFM%2BgG7hI7X4xl9%2FFOmrRczA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 998d533cce825695-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4386,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (396)","md5":"4d8b402df44d1ae36fad35aaa9b7c171","sha1":"99a2a78b168edf2c216d2109a11abadad1050e86","sha256":"13feaefca8f26febd70102cbfaa134195a7d80f772f64377f86dd0958a39b477","sha512":"1908ff802c0b62be9f76f04760b528064cf1160df41d4761b74e68265913c00de7ba75da712c3994308c8abe702eea593a004b85f0762dead0102802fd3a4edc","ssdeep":"96:fjFj7jOjEHDK/D5DMFGzLeiO/t8G2uvY7RLlvaQxvbzM:fjFj7jOjEjK/VounOVGuvY71lCejzM","tlshash":"8c915266fabd107f20d3917361bda30a7aa1c003da9708907abcc2351f8af95aa131c5","first_seen":"2025-11-03T16:42:56.148053Z","last_seen":"2025-11-03T16:42:56.148053Z","times_seen":1,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":42,"dns":17,"connect":3,"send":0,"wait":9,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev/hhkruu.html","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"products-refun49173602.pages.dev/cdn-cgi/styles/cf.errors.css","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://products-refun49173602.pages.dev/hhkruu.html","date":"2025-11-03T16:42:29.504Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /cdn-cgi/styles/cf.errors.css HTTP/1.1\r\nHost: products-refun49173602.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://products-refun49173602.pages.dev/hhkruu.html\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 03 Nov 2025 16:42:29 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: accept-encoding\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OTtzoc2JHHIBDCjimAItgQlmPq87x8ZIB4Tiylhqy88ThqgqSnxO9bLmsiLrrmvp3cqcuLu4W2SGzETzyVyQ3UlesONUy%2BeIoaW3MDWhRBtvoKIM6AwXO33oCUqMrQ%3D%3D\"}]}\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nContent-Encoding: gzip\r\nServer: cloudflare\r\nCF-RAY: 998d533e6b3656c7-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24051,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (24050)","md5":"5e8c69a459a691b5d1b9be442332c87d","sha1":"f24dd1ad7c9080575d92a9a9a2c42620725ef836","sha256":"84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091","sha512":"6db74b262d717916de0b0b600eead2cc6a10e52a9e26d701fae761fcbc931f35f251553669a92be3b524f380f32e62ac6ad572bea23c78965228ce9efb92ed42","ssdeep":"192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk","tlshash":"86b21323e5f5381a2516a13ca08a92dc69356073f7f30e9eb985d06cd78dd791f226c3","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T18:30:05.14361Z","times_seen":414796,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"products-refun49173602.pages.dev/favicon.ico","fqdn":"products-refun49173602.pages.dev","domain":"products-refun49173602.pages.dev","tld":"pages.dev"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://products-refun49173602.pages.dev/hhkruu.html","date":"2025-11-03T16:42:29.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"products-refun49173602.pages.dev","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 11:54:28 GMT","end":"Tue, 27 Jan 2026 12:53:08 GMT"},"fingerprint":{"sha1":"41:1C:95:84:FC:6E:BE:D3:63:2C:5B:07:24:F5:25:5C:11:E1:18:62","sha256":"81:80:1C:D8:1A:7C:0C:78:C3:BC:61:82:1E:51:5E:C9:69:BA:DC:34:D6:2F:91:7C:98:7A:8A:F5:3B:31:11:5F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: products-refun49173602.pages.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Mon, 03 Nov 2025 16:42:29 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ncache-control: no-store\r\nreferrer-policy: strict-origin-when-cross-origin\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h5yFlYs5V7TtbDaX7t0793VO2EY3ti0XBBAAozAAnsa4cnTHBUiv%2FhMujzEzj45IJLEQ4bzfW8Fyg92I52FGu8r%2Fu6xEiJIkGNX08pGGlKoFCQlfaavuVjnu9235UWIo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 998d533fa8bf0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":37,"receive":2,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-03","alert":"Phishing Block","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-03","alert":"Phishing - Facebook, Inc.","trigger":"products-refun49173602.pages.dev","verdict":"phishing","severity":"medium","comment":"Facebook, Inc.","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-03","alert":"Sinkholed","trigger":"products-refun49173602.pages.dev","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}