{"report_id":"d108c025-68be-40ab-919b-c66899031997","version":0,"status":"done","tags":[],"date":"2026-06-12T09:06:08Z","url":{"schema":"http","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"172.67.140.218","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"title":"Track \u0026 Trace","dom":{"size":9178,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (350)","md5":"8913ef96d9b409d36b87f86ed08b1c3f","sha1":"2b600e8591b64d0ca04e352530c5ea2993d7286c","sha256":"d5bd9602ef6dde87d81b331f06d0e0069ed403d7ffa8c09b4a1fde01f73bb28d","sha512":"c1481952f60edaa17569a06b86e8ce37c3a64218f24d77ca54a47b516e179846991ba043feb8b3b54e8e06dc5a93e2e18fadb97ec0b342433d19f97c7867217b","ssdeep":"192:MIYEVJEA21ewLsG18vYgLlTRk3iOcwOW3I6VCDLeaQ5iK+amXiniJis:M0kAFwIGoLlTRk3iOcwOkJ8RtKYiniJL","tlshash":"2e120cb0419c1d7611d3028a31702a8e78dfde36da7b8595fbff43440bc6ec6999a226","dom_hash":"domhash8ab489d80a08dc37bcfb35a5cf124ef0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"172.67.140.218","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-17T09:06:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-07T22:40:26.930816Z","alert_count":0,"request_count":1,"received_data":90784,"sent_data":500,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-06-07T22:44:32.204356Z","alert_count":0,"request_count":2,"received_data":277535,"sent_data":1023,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"natureviewer.in","ip":{"addr":"172.67.192.18","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-19","domain_rank":3343791,"first_seen":"2023-06-19T11:10:09Z","last_seen":"2026-06-05T10:09:51.680019Z","alert_count":0,"request_count":1,"received_data":780,"sent_data":584,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2026-06-07T23:11:32.887116Z","alert_count":0,"request_count":1,"received_data":578,"sent_data":785,"comment":"","tags":null,"fingerprints":null},{"fqdn":"headcage.info","ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-07","domain_rank":0,"first_seen":"2026-06-11T16:48:03.148437Z","last_seen":"2026-06-11T16:48:03.148437Z","alert_count":36,"request_count":12,"received_data":428618,"sent_data":7190,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.6.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Bootstrap:5.2.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-06-07T22:29:27.813409Z","alert_count":0,"request_count":1,"received_data":485116,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"95e4a735d65ac94def4aaadaca210455","sha1":"35ed4168cb66c34980e687d42c48192255e29bdf","sha256":"3a2f0be613e05ba2e0998ade190208e1a642a8d0c3b64f89d1372d213586d9b2","sha512":"47a63fb6351d803e4bc011f56eb38afac659875be95e8195bf17b4090d2efda329b129ca3ba321f41e110c1b2712233c7e1789e1f6ce5ca927ee680075b58b85","ssdeep":"","tlshash":"86f09e49f7850e5d78f2001d509e28a81cbc4673cc570cd1b3a442948bf6e9c94ecf1c","size":655,"data":"","first_seen":"2026-06-07T11:11:05.525159Z","last_seen":"2026-06-18T11:27:00.818908Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e5fc3ffb2a1ca394fa5814cb34caa601","sha1":"1236916a4dde3762e918bef4e66d88c942face1a","sha256":"0717438fae92a2f6c6596a9feedbf87b028dda4817ed157f6fc85a9917940237","sha512":"980ecef9bd483ce034735a7adc3494bdaaacb1ab2d0c746ec49d5da4e28ac561848720888904bbefaabd5a1235f4c1b0c617694c04bdfcd4393cbb2728f0aff6","ssdeep":"","tlshash":"ecc08c8c210b4c7091da2a010b7fa140f0092202a4a01821381f23049f20f279b08818","size":169,"data":"","first_seen":"2026-06-09T14:04:08.320062Z","last_seen":"2026-06-21T14:44:25.194574Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d42673fe36f0fd8bb94fb6d6a3806ba","sha1":"68448b830a439770b226f01af1772df4da5158b4","sha256":"3e791b344714348fcdf532dc5f4682f8298547cfcb46291fb30476683ab61f1d","sha512":"663c210b0e24392bb3d717cc06a0d8457e33e86497ca4040b73c0b1d6476ebcb86b0a621deb3dd01214c30d8708f1cb2ec66879967f690ce791c25891392d5b7","ssdeep":"","tlshash":"91f04996fb6f062808ad525b2a6507c93c3cd4368d035dccad3c64b074aef95808bb59","size":655,"data":"","first_seen":"2026-06-07T11:11:05.526653Z","last_seen":"2026-06-18T11:27:00.835199Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"95e4a735d65ac94def4aaadaca210455","sha1":"35ed4168cb66c34980e687d42c48192255e29bdf","sha256":"3a2f0be613e05ba2e0998ade190208e1a642a8d0c3b64f89d1372d213586d9b2","sha512":"47a63fb6351d803e4bc011f56eb38afac659875be95e8195bf17b4090d2efda329b129ca3ba321f41e110c1b2712233c7e1789e1f6ce5ca927ee680075b58b85","ssdeep":"","tlshash":"86f09e49f7850e5d78f2001d509e28a81cbc4673cc570cd1b3a442948bf6e9c94ecf1c","size":655,"data":"","first_seen":"2026-06-07T11:11:05.525159Z","last_seen":"2026-06-18T11:27:00.818908Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e5fc3ffb2a1ca394fa5814cb34caa601","sha1":"1236916a4dde3762e918bef4e66d88c942face1a","sha256":"0717438fae92a2f6c6596a9feedbf87b028dda4817ed157f6fc85a9917940237","sha512":"980ecef9bd483ce034735a7adc3494bdaaacb1ab2d0c746ec49d5da4e28ac561848720888904bbefaabd5a1235f4c1b0c617694c04bdfcd4393cbb2728f0aff6","ssdeep":"","tlshash":"ecc08c8c210b4c7091da2a010b7fa140f0092202a4a01821381f23049f20f279b08818","size":169,"data":"","first_seen":"2026-06-09T14:04:08.320062Z","last_seen":"2026-06-21T14:44:25.194574Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d42673fe36f0fd8bb94fb6d6a3806ba","sha1":"68448b830a439770b226f01af1772df4da5158b4","sha256":"3e791b344714348fcdf532dc5f4682f8298547cfcb46291fb30476683ab61f1d","sha512":"663c210b0e24392bb3d717cc06a0d8457e33e86497ca4040b73c0b1d6476ebcb86b0a621deb3dd01214c30d8708f1cb2ec66879967f690ce791c25891392d5b7","ssdeep":"","tlshash":"91f04996fb6f062808ad525b2a6507c93c3cd4368d035dccad3c64b074aef95808bb59","size":655,"data":"","first_seen":"2026-06-07T11:11:05.526653Z","last_seen":"2026-06-18T11:27:00.835199Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-21T14:30:57.566767Z","times_seen":374651,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"95e4a735d65ac94def4aaadaca210455","sha1":"35ed4168cb66c34980e687d42c48192255e29bdf","sha256":"3a2f0be613e05ba2e0998ade190208e1a642a8d0c3b64f89d1372d213586d9b2","sha512":"47a63fb6351d803e4bc011f56eb38afac659875be95e8195bf17b4090d2efda329b129ca3ba321f41e110c1b2712233c7e1789e1f6ce5ca927ee680075b58b85","ssdeep":"","tlshash":"86f09e49f7850e5d78f2001d509e28a81cbc4673cc570cd1b3a442948bf6e9c94ecf1c","size":655,"data":"","first_seen":"2026-06-07T11:11:05.525159Z","last_seen":"2026-06-18T11:27:00.818908Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e5fc3ffb2a1ca394fa5814cb34caa601","sha1":"1236916a4dde3762e918bef4e66d88c942face1a","sha256":"0717438fae92a2f6c6596a9feedbf87b028dda4817ed157f6fc85a9917940237","sha512":"980ecef9bd483ce034735a7adc3494bdaaacb1ab2d0c746ec49d5da4e28ac561848720888904bbefaabd5a1235f4c1b0c617694c04bdfcd4393cbb2728f0aff6","ssdeep":"","tlshash":"ecc08c8c210b4c7091da2a010b7fa140f0092202a4a01821381f23049f20f279b08818","size":169,"data":"","first_seen":"2026-06-09T14:04:08.320062Z","last_seen":"2026-06-21T14:44:25.194574Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d42673fe36f0fd8bb94fb6d6a3806ba","sha1":"68448b830a439770b226f01af1772df4da5158b4","sha256":"3e791b344714348fcdf532dc5f4682f8298547cfcb46291fb30476683ab61f1d","sha512":"663c210b0e24392bb3d717cc06a0d8457e33e86497ca4040b73c0b1d6476ebcb86b0a621deb3dd01214c30d8708f1cb2ec66879967f690ce791c25891392d5b7","ssdeep":"","tlshash":"91f04996fb6f062808ad525b2a6507c93c3cd4368d035dccad3c64b074aef95808bb59","size":655,"data":"","first_seen":"2026-06-07T11:11:05.526653Z","last_seen":"2026-06-18T11:27:00.835199Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-MB2WV0SZV7","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4d627a12a7d58961a9cef8c9293d0bd","sha1":"df5f0579135f6fc4f30d53aa67e2aef2488a087c","sha256":"3825b7029721da9626e14a4a7ad215be71ea027dda9719a6c972c5ea6f703a56","sha512":"2dbfdef87cfd48bb4a1a8209ea1d4fda9fb656637704c27179032010a0e932cdde89259d2874279f6da2f450c217b17b09e6297423be22ca4f7c6a04fa293ae3","ssdeep":"6144:S8HbRknTI8s5XtjLEEQT1TpqBEzVTI1Ce8G3h7Y1MDUf:T+nTsEZXysL","tlshash":"c1a4e9ceb3d674225296f478903f01cba57b29e2b448c899f189cce42e7469a4177f7c","size":484512,"data":"","first_seen":"2026-06-12T09:06:11.056811Z","last_seen":"2026-06-12T09:06:11.056811Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"641dd14370106e992d352166f5a07e99","sha1":"eda46747c71d38a880bee44f9a439c3858bb8f99","sha256":"a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af","sha512":"a6e981b23351186aa43f32879dd64c6801be6e2af7ef8b0e472cccdeeba52d5d7894de4bcb292a364f1e11e525524077534338140a72687ada4fae62849843a5","ssdeep":"1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH","tlshash":"d193f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","size":89795,"data":"","first_seen":"2023-03-26T04:59:07Z","last_seen":"2026-06-21T13:16:00.206657Z","times_seen":25365,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b75ae000439862b6a97d2129c85680e8","sha1":"90d15036ef48fcb336a135bae812b45669f19044","sha256":"9520018fa5d81f4e4dc9d06afb576f90cbbaba209cfcc6cb60e1464647f7890b","sha512":"8bd7047c9c14c158843c529d0b57a7cf86511818fc610a3a401c854c5f766171e2ef0682ab27b1bd10fbe52e4d553b12893bfbaca5aa1bd639785c6646c3a7d0","ssdeep":"1536:p4SMTGR2t4n+3ifBHJR9WbUHk3j8YY+PwRM3CGJI9BqQM6kF:b4Fj8GPwRM3CiI9Bt8","tlshash":"6973c6593254b4770ade45b68037420bf2265d98b24b802cb5bcadde2a7dc863277f7c","size":80420,"data":"","first_seen":"2023-03-08T16:08:57Z","last_seen":"2026-06-21T13:06:19.480753Z","times_seen":8645,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-12T09:05:45.075Z","timestamp":1781255145075,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8= HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: text/html\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlocation: http://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\npriority: u=0,i\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4oY%2B8K3jHyl3US1FyUgKd6MRd0viwiBUGkAMtgyeJ4n5qdPb85nhAzO1uQ5WyQxi6%2BdwY%2FYqmcYoDoLFS8U2Mg%2B9O23rsJti622TQi2rjh9JKVfcENf1TFEolj0VPPAF\"}]}\r\ncf-ray: a0a7b211fd4d5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T14:29:50.155854Z","times_seen":16610422,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":177,"connect":19,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-MB2WV0SZV7","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.850Z","timestamp":1781255145850,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:36:26 GMT","end":"Mon, 17 Aug 2026 08:36:25 GMT"},"fingerprint":{"sha1":"B1:69:2D:8A:87:48:5C:47:05:41:5B:52:3B:0E:2C:E9:BD:CC:03:75","sha256":"91:1E:26:69:78:6C:F7:F4:05:E8:B1:07:F4:04:FB:66:B9:20:6A:EB:43:9D:02:70:C8:AF:60:8C:BB:58:30:4F"}}},"request":{"raw":"GET /gtag/js?id=G-MB2WV0SZV7 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: zstd\r\nvary: Accept-Encoding\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\nexpires: Fri, 12 Jun 2026 09:05:45 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 163980\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":484512,"size_decoded":164584,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"b4d627a12a7d58961a9cef8c9293d0bd","sha1":"df5f0579135f6fc4f30d53aa67e2aef2488a087c","sha256":"3825b7029721da9626e14a4a7ad215be71ea027dda9719a6c972c5ea6f703a56","sha512":"2dbfdef87cfd48bb4a1a8209ea1d4fda9fb656637704c27179032010a0e932cdde89259d2874279f6da2f450c217b17b09e6297423be22ca4f7c6a04fa293ae3","ssdeep":"6144:S8HbRknTI8s5XtjLEEQT1TpqBEzVTI1Ce8G3h7Y1MDUf:T+nTsEZXysL","tlshash":"c1a4e9ceb3d674225296f478903f01cba57b29e2b448c899f189cce42e7469a4177f7c","first_seen":"2026-06-12T09:06:11.056811Z","last_seen":"2026-06-12T09:06:11.056811Z","times_seen":1,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":2,"connect":15,"send":0,"wait":45,"receive":53,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/img/trk-i.png","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.868Z","timestamp":1781255145868,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/img/trk-i.png HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 09 Jun 2026 10:42:17 GMT\r\npriority: u=5,i\r\netag: \"6a27ee09-108d\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uRTukyntxd9%2B6XMpx2IsDoDPiEulJHRqhqkkR1EqFX3cBbBXfA1O3zfm27whexBBQeoz19f8LNOJdnAK1hKb7kUtrbObMMSH%2FV8nZAMS8xLg41hw%2BvSEZmJdiRJZTw3M\"}]}\r\ncontent-length: 4237\r\ncf-ray: a0a7b215bd6d5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4237,"size_decoded":4926,"mime_type":"image/png","magic":"PNG image data, 128 x 80, 8-bit/color RGBA, non-interlaced","md5":"e633e9a7cecaebfb9d9a7a6bb944cb7f","sha1":"b42b9b919a5daab054d42394a6b4ba6ce0ce332e","sha256":"3182db0b463d052f9710a9772efb53c7c505be5bdc43e964b0b6227fde9d8002","sha512":"2c13ce5f6a237ffc3e4e71666a9bc1dec9989e573d80cdbda6284045f367d22bd9d5022095e79ed79bfd30975f86e7558cc8ebe4f245cf5e554adb87ed46f75e","ssdeep":"96:VSTknmWI4ysUGk+IkHfLmqH0jQ5GwCnuTIKIPyZ39TBxA82n7OpaWqT:VSTkn/PIk/HLOnh43xXA82n7OparT","tlshash":"1a912acef5216d444688be0726e9510756bb4390eac0c055f4eec82358904b6ce0e8da","first_seen":"2023-05-19T03:37:17Z","last_seen":"2026-06-18T11:27:00.793544Z","times_seen":110,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/css/track-loader.css","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.843Z","timestamp":1781255145843,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/css/track-loader.css HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 09 Jun 2026 10:42:00 GMT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\netag: \"6a27edf8-153f\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=reL%2F5uPWz%2Fu0dJ1L32HI9v4KPkjMuMz6sMfH0AS6lP1AmC0eBigVUOLu27Kdtmkvp8lWlRE7KPsOFlDmbQxdrQ4YhywGGTP8%2BZeOxTZ90aV3K019p3d%2Fqt27mrtFf%2FWy\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0a7b2158d665fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5439,"size_decoded":2103,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"620e9eb489c2851e5d7f6e4ea1ebacef","sha1":"bab506bb93aa2482a1bff507e0254c64d492e2c5","sha256":"a6290d462fbb7cda0f1074fa3faa2063576f12a02b715315751f9ad855bd1004","sha512":"2d05b2174e02aed2a268f6280507ead32f08fb151472269fe79525e568e73c78dd184a36540e829a8b281c1c521545ba465211a1bdbc48b883a09417cbfbb83d","ssdeep":"96:RDIS5PkiqA+Fj3PGiO9qM/7Xso5l1RvmPg2KT9Chw9CL:RES58j7Fj3PGiaqMjVRmPgHiL","tlshash":"b4b1ed1a8a651904b0bbe3bdaba20355d6ab0043c62745ccbbdd63118f745889d66fe4","first_seen":"2025-06-27T16:49:48.853523Z","last_seen":"2026-06-18T11:27:00.803448Z","times_seen":106,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/css/style.css","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.844Z","timestamp":1781255145844,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/css/style.css HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 09 Jun 2026 10:42:00 GMT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\netag: \"6a27edf8-1059\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NMkI3tdnrjjibovogdjpa0JxXj6%2FNADxTjpWFU48nbU07S3fsAT4R7FpR4Z1%2Bsn84iLE%2BUwILJiLmE5kILJ6UmFfwzVFEs1TlSFJ%2BMU8y65AuKicfoMVAtzomshISR49\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0a7b2158d675fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4185,"size_decoded":1981,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"77c9cbedd3abcc52c6e0f6b46a5f92db","sha1":"fde8182b6d92f5c546d888bc39f38f465e2a9c0e","sha256":"319234dad60e15191fef622457949d7922ade6c4754088d6c7ff9353d39e509d","sha512":"a604aeb36cb17b11ad31634d4d7dcc618ebaea5a392b8fd8ef5b94b2522d18f249ceaa78427e765e3df7de061d5e3a6c3c36174555c33af22e61da08e2d77a31","ssdeep":"96:gcQvVb0BtBVTPsQslSA0/gFMzctZYqZx1J+:ntBxknfxf+","tlshash":"6b811229fa57100a7277c9f477f24f96eb490013d70606b9bbe06164abd446c9a74fcc","first_seen":"2025-06-27T16:49:48.854721Z","last_seen":"2026-06-18T11:27:00.794762Z","times_seen":106,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.6.4/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.847Z","timestamp":1781255145847,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/jquery/3.6.4/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Wed, 08 Mar 2023 16:05:42 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 1278190\r\nexpires: Wed, 02 Jun 2027 09:05:45 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MxhfO8smqSo0aM491CrADBm3ij7b2feA%2B1gPZ1siY1VagjGbmFNaHiLdnzP6gwpx09DV6L9j%2F%2FErshXpjy20H3bcXEszfcoCzo7chRLbnJIMU36azeDiAUATgwxkrd2jOweoC63q\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a0a7b215ba3256b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89795,"size_decoded":29024,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"641dd14370106e992d352166f5a07e99","sha1":"eda46747c71d38a880bee44f9a439c3858bb8f99","sha256":"a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af","sha512":"a6e981b23351186aa43f32879dd64c6801be6e2af7ef8b0e472cccdeeba52d5d7894de4bcb292a364f1e11e525524077534338140a72687ada4fae62849843a5","ssdeep":"1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH","tlshash":"d193f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","first_seen":"2023-03-26T04:59:07Z","last_seen":"2026-06-21T13:16:00.206657Z","times_seen":25365,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":3,"connect":21,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/img/brand.png","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.861Z","timestamp":1781255145861,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/img/brand.png HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 09 Jun 2026 10:42:12 GMT\r\npriority: u=5,i\r\netag: \"6a27ee04-4d74\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AMEXXvbuWuc1Wk8ouw%2FpLDRpKfQJ5Y3L4ELarODvuAS97ORFhjiw2iD5R1%2FRfeym%2B4BvdUzzRcRSejqEiHrJXQchCGYqFBlDigF88rWTh9eGK8U2xGIh9V78ihEUu4Nj\"}]}\r\ncontent-length: 19828\r\ncf-ray: a0a7b215bd6b5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19828,"size_decoded":20518,"mime_type":"image/png","magic":"PNG image data, 304 x 94, 8-bit/color RGBA, non-interlaced","md5":"353f3e5fd185ed7c2562cf6738353d91","sha1":"a787e2b5ea26eab37d5fe94daf8dce177ca0f01e","sha256":"0694d0f465065bbfff057c48480b1d7f8899c6c679b817ef2e1ebeefe725bed6","sha512":"99072229a5236eea64e6ea37fe309beab1e9773d0745438d9b2656847d4aac95617c8362c9daee280e2843e770ade82c79e677e78e8087265419f25eac6cea8e","ssdeep":"384:MInGYRzR6XBQkWDT3yeIO14pVgYufH1W5sarl1satYlWIdHIIGL+twL/cayt:lGCoRQ7Ly81waHY5suvs0mFmIG+twLUv","tlshash":"6492b086fe611996084ef14bd67ca22282330dde5a53994e5e59f83b9f7007fcd1c4c6","first_seen":"2023-05-19T03:37:17Z","last_seen":"2026-06-17T19:39:48.356745Z","times_seen":106,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/img/box.png","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.864Z","timestamp":1781255145864,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/img/box.png HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 09 Jun 2026 10:42:13 GMT\r\npriority: u=5,i\r\netag: \"6a27ee05-37c34\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0ZSHt0Eexl82ufv8Z%2Bn0yZj5MPWrWdnsYTQdEXywdunQ7uwmdF3vp3BKHTqtpfrBxxV7nJncBPt1nrnDpl918oK4Yu3DphmlNNFO6L5UvZrRiERXDRC3SKC4M7UMqdBp\"}]}\r\ncontent-length: 228404\r\ncf-ray: a0a7b215bd6a5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":228404,"size_decoded":229092,"mime_type":"image/png","magic":"PNG image data, 420 x 401, 8-bit/color RGBA, non-interlaced","md5":"ae25b8c62a010907af3933fc358f523b","sha1":"da7c9fe675530bff9602710271f26268b33f0d42","sha256":"86572a5417fc6dd1f5568998253264f4ede87cb11f71488f3e5182452c1d3d54","sha512":"affa68beecc1df1c0feabfb619dd2c19f9ceedb236bc69515f35f84eb84f089028c59a48b4d0438860a1019fe069409681161e0fc5810399965ae781dab19e18","ssdeep":"3072:ywZZfDf1CeosfcpGwVuZ5tvwWvoXZkgwGG3s/2XpRBF58sdZ5HF:pfLAeoS/vpwJk1pXDBXTLF","tlshash":"892413f195a48df1e36d9b0b4b44eae75ce7b436cb4b03786e13ac1b5822b914003add","first_seen":"2023-05-19T03:37:17Z","last_seen":"2026-06-18T11:27:00.808811Z","times_seen":106,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/img/deliv-i.png","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.866Z","timestamp":1781255145866,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/img/deliv-i.png HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 09 Jun 2026 10:42:13 GMT\r\npriority: u=5,i\r\netag: \"6a27ee05-1424\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rjGw%2B3i65NpfwZW1JeQrekJY8Dhj7YHmJI08FSRSZuTLWtfK0yo1x6kCeynBc5GJcGt4LTZcHOMpmMhqbT2CBN9aid4JrGFZM3nUgUS29d5Vqv%2Bwm6X4B0rJzHSrOmN6\"}]}\r\ncontent-length: 5156\r\ncf-ray: a0a7b215bd6c5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5156,"size_decoded":5836,"mime_type":"image/png","magic":"PNG image data, 128 x 80, 8-bit/color RGBA, non-interlaced","md5":"78b4efc4159a13bea40c884aed7ebfa1","sha1":"a53f45d514b90615f76671dc7e40308f9fb31aa8","sha256":"5279405c62450851379ec0c27a4c929d540dc8416399ea4859b58476fced8900","sha512":"e3809810781a07509231bf4187875b8008017d7c333a8177667f6a7e8011cffe94f9673d786f906fdad3a71d4283e6a7b8264393307d584f08849bca4691348b","ssdeep":"96:VSTknmWI4KzrmZ9HfLGJH0HRUc/MXZF8xx/qrormt+D9HYjQt76pCDvu5Sdm:VSTknESZ9/qJpFyi1tiHOm6ADv2j","tlshash":"16b14c8cbd0198d91d433a4b6afe19022939074455f9f417f8da4c1718317becaaf5ea","first_seen":"2023-05-19T03:37:17Z","last_seen":"2026-06-18T11:27:00.814486Z","times_seen":110,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/favicon.ico","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:46.274Z","timestamp":1781255146274,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nCookie: _ga_MB2WV0SZV7=GS2.1.s1781255146$o1$g0$t1781255146$j60$l0$h0; _ga=GA1.1.555725729.1781255146\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:46 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vEnKNzHtH33Oe295F%2BUrS%2BG2UvAtHZqvKrIGrtrIfPVIT0GKp8rz7GEjribcgvJkWFkhUwP5NI2kNghMvSx1cjk%2FLd9CBltlVENzDCL%2F6I5xg%2FtE0Lf5lLi5OMWq7A9f\"}]}\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ncf-ray: a0a7b2183d7f5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":707,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-21T14:30:44.466401Z","times_seen":529441,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":86,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.841Z","timestamp":1781255145841,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@5.2.3/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://headcage.info\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 28968\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.2.3\r\nx-jsd-version-type: version\r\netag: W/\"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230051-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1846829\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hgJXLNmJyTf1ZWgoJYz1DDTgX90VqtnBuinf2xWYNeCNH9csNJAC4sK0Is0XGNWCmpaJkP%2FwXLxbaV5iE5fo4p8Y%2BLKHhgL5kgqTw0nJiNZx3Tq3XZHiWU5sEAt2hpo4oEM%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a0a7b215bdef3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":194901,"size_decoded":30068,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65305)","md5":"3f30c2c47d7d23c7a994db0c862d45a5","sha1":"7791dd1f3173a0d62cc39c21d2ad71fc8dad0e72","sha256":"c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a","sha512":"49b891fdebaca612a8315557cac4ca1bfed5b1e5a28be63715d1ebb741292a0a53a1979e9a1a8779978b58b849badcffdaeb76570d6e4048f631b445f9354150","ssdeep":"1536:ZtGg9JfWgeQK5wlP72qgOfI3N9LsqkVkpz600I4lp:ZtGg9JfWD9kVkpz600I4lp","tlshash":"991482d6f190307d98a7c2499591fefd866fa585d7120aaaf0137b6807ca7c30963ecc","first_seen":"2023-04-05T16:04:29Z","last_seen":"2026-06-21T14:12:22.718328Z","times_seen":8657,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":6,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.853Z","timestamp":1781255145853,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-type: application/javascript\r\nexpires: Sun, 14 Jun 2026 09:05:45 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8%2B4orxMzAYY9bdljdh6EjTvDUbzfUx5vc7j50cM5zumC7RncSJEcUYFNTWsbdnWqwrFGFJzscFlZ8O4bMnTwNEyshZAEyCBprGBjhqmlHsLsIF6MN5T6EQqkPmQOJm%2F7\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\nserver: cloudflare\r\ncf-ray: a0a7b2159d695fac-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":1282,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-21T14:30:57.566767Z","times_seen":374651,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"natureviewer.in/clicks?p=1515P161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=","fqdn":"natureviewer.in","domain":"natureviewer.in","tld":"in"},"ip":{"addr":"172.67.192.18","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.931Z","timestamp":1781255145931,"http_version":"HTTP/3","security_state":"","security_info":null,"request":{"raw":"GET /clicks?p=1515P161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4= HTTP/1.1\r\nHost: natureviewer.in\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nReferer: https://headcage.info/\r\nSec-Fetch-Storage-Access: none\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Fri, 12 Jun 2026 09:05:46 GMT\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L3V2FgEMHgv%2BdQgFqfl8%2FLybht8ZVPm86KQUc49Z3GP8nYIrsi%2BYeeAdEhz194yHqk7h%2B0gnw2unyG32YuPDylTOJxJ6kvHfrsglUgwWYM1fV4IbjM5DCUAejxfY1EUCIV4%3D\"}]}\r\npriority: u=5,i\r\ncontent-type: text/html; charset=UTF-8\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a0a7b216896156c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-21T14:29:50.155854Z","times_seen":16610422,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/img/bg.jpg","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.989Z","timestamp":1781255145989,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/img/bg.jpg HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:46 GMT\r\ncontent-type: image/jpeg\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 09 Jun 2026 10:42:09 GMT\r\npriority: u=4,i\r\netag: \"6a27ee01-20bc2\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o7qO0%2F%2FH%2BFUIO9yhgDifIr6JEf%2B9Oh1N1WsExENujgBvEJ3vOtamCkiR7ZsTpbSqSsqtjA%2FXHIiQYwK%2BUcdhHwxabz4K1pKH9SzhhA1%2Bm8hm1TWg%2BKL%2F53ZxjsEFGUg2\"}]}\r\ncontent-length: 134082\r\ncf-ray: a0a7b2167d755fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":134082,"size_decoded":134780,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1440x840, components 3","md5":"1b9fbe0498bb7164958c41f566d401f5","sha1":"a85dc0f171e6c8be0d5f1857c6fd4e7958ce92fd","sha256":"43f6c150e5cdd789faafc713386aa71098bc4048c8cd86299dafbee4d1a8629b","sha512":"c63ad1928d20a4b9891c75dd208a463948316506566c7565456e77ca4e0b26baa5fba3a49b2988ad0f8da0825bed20915de922864e1f00a703d4511ddf2a5168","ssdeep":"3072:lRg5rTAYhKkXgyYIrjS2428r72o2nUgok9i/muOdefU:luFxhKmQ2eCo+UR3NOd9","tlshash":"35d31229fb299362a351f9f60e22d5d66c6e4951fceac32757a04d1163c82c0ac4fcd2","first_seen":"2023-05-19T03:37:17Z","last_seen":"2026-06-18T11:27:00.809693Z","times_seen":122,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-12T09:05:45.364Z","timestamp":1781255145364,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8= HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: accept-encoding\r\npriority: u=0,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4RZPOr8tKBRwe8wkVEN29k%2Fj7a6Y6UlBRgcvqV1jBT9h4pV177yefOti6xyne3fgvMs%2B6Bt5qBkr7%2BMCOTNrvzoQXMWrRuhHpPn2m3TNz6M%2F6dz5JxITdjE%2BoA8Fc7S%2F\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a0a7b2128d515fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"jQuery:3.6.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap:5.2.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}],"data":{"size":9635,"size_decoded":4122,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (345), with CRLF line terminators","md5":"5793287d1fceb5313b4cef7d06b365ba","sha1":"5fc5545e62608b27d42687c830d3259aa8fbbca3","sha256":"8f6145bb133d19144a6becd38ab1fa36a7e63e2da3f5c40416113ab87eafbaed","sha512":"85c947cac3d8ed75eacce8884dfda82c4b5d2686f1597f500748b73be611939b72a6de5a48ac083ceafa2cf13b7272c5e16e9fbe2bcccfe7e7cfd006ccf924f1","ssdeep":"192:tIXEV0EA29EVoCHg5y+0Ism0zLtoLWAz2Pnprvzje5iKgP45i0ifiJ:thlAvVoX70Ism0zLtoLWAz2hzzjXK15t","tlshash":"1912feb0308c497601e3028b21706b8ee49fc626c7774195fbfa137707d2d95ae8b216","first_seen":"2026-06-12T09:06:11.078918Z","last_seen":"2026-06-12T09:06:11.078918Z","times_seen":1,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.848Z","timestamp":1781255145848,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://headcage.info\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 24046\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.2.3\r\nx-jsd-version-type: version\r\netag: W/\"13a24-kNFQNu9I/LM2oTW66BK0VmnxkEQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230058-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1577355\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=APTouoCNCSfGCvPbdruY00oxTgEZyW2nGsR0tkTCZrsO%2B0srbRB4R9A6MxDD9YEkRzCjCDdR7QE%2BZgFLwUvpraXlnxvZTQvMQa2ybaMlm3mvb4ZZVQRlD9S7L1cPkA9TrYg%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a0a7b215bdf33181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80420,"size_decoded":25160,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"b75ae000439862b6a97d2129c85680e8","sha1":"90d15036ef48fcb336a135bae812b45669f19044","sha256":"9520018fa5d81f4e4dc9d06afb576f90cbbaba209cfcc6cb60e1464647f7890b","sha512":"8bd7047c9c14c158843c529d0b57a7cf86511818fc610a3a401c854c5f766171e2ef0682ab27b1bd10fbe52e4d553b12893bfbaca5aa1bd639785c6646c3a7d0","ssdeep":"1536:p4SMTGR2t4n+3ifBHJR9WbUHk3j8YY+PwRM3CGJI9BqQM6kF:b4Fj8GPwRM3CiI9Bt8","tlshash":"6973c6593254b4770ade45b68037420bf2265d98b24b802cb5bcadde2a7dc863277f7c","first_seen":"2023-03-08T16:08:57Z","last_seen":"2026-06-21T13:06:19.480753Z","times_seen":8645,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":6,"receive":1,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/img/rating-i.png","fqdn":"headcage.info","domain":"headcage.info","tld":"info"},"ip":{"addr":"104.21.94.223","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:45.869Z","timestamp":1781255145869,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"headcage.info","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 May 2026 16:17:59 GMT","end":"Thu, 27 Aug 2026 17:16:38 GMT"},"fingerprint":{"sha1":"25:2C:21:6C:93:2B:83:1F:E5:23:A6:0A:22:7C:54:64:F9:10:11:3E","sha256":"AC:97:44:CD:7F:41:9C:81:21:05:45:13:51:62:08:22:4F:7C:A1:03:C5:D9:A3:85:30:2C:66:FD:34:B6:50:19"}}},"request":{"raw":"GET /Q0g0MS1OMTUxNS1EMDkwNjA2/img/rating-i.png HTTP/1.1\r\nHost: headcage.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Fri, 12 Jun 2026 09:05:45 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 09 Jun 2026 10:42:15 GMT\r\npriority: u=5,i\r\netag: \"6a27ee07-202f\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XCaWpimGSjFHDpMT%2F5nyNQvWkJgGDvxoMkYoyv%2FMaHQ4pjOrxZXlpvS2Q%2BINT7FIg9nF0o6uwZbtKeb3b%2Bnl3asHjzaSqAd7kz2INhI4YHGSx7f2wnsQtZVVgu4J3Zlo\"}]}\r\ncontent-length: 8239\r\ncf-ray: a0a7b215bd6e5fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8239,"size_decoded":8930,"mime_type":"image/png","magic":"PNG image data, 128 x 80, 8-bit/color RGBA, non-interlaced","md5":"a42099f35afdf6b91cdc5491f7f19965","sha1":"2759dc3b50e330ab9dda1bb8a0f8ec7cf3c884a2","sha256":"4d3d826b6eae3f602e2cb612cc9a83bf7e6e79a95309c9cb0c75061a587f4205","sha512":"24030311f01881819c2e5fd50822efe88a9e42b76ed85d81c16c65e732e7ab8af47a3d3189e17f9a7d36efeeab29a2bbc5d152521dbd0d56aa4f48d656b62fa1","ssdeep":"192:VSTkneY/aiY5F8qj6jxYYSvVZKGXCWCAyE1Cwe4filW:04nnZbRxYJvvKGXjCzEzJalW","tlshash":"f102af8576127c51da4919cf3ebca5dbb6030fd48353d0c6b4ca4532f8212fb8e4968a","first_seen":"2023-05-19T03:37:17Z","last_seen":"2026-06-18T11:27:00.804409Z","times_seen":110,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-12","alert":"Phishing Block","trigger":"headcage.info","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-12","alert":"Sinkholed","trigger":"headcage.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-MB2WV0SZV7\u0026cid=555725729.1781255146\u0026gtm=45je66a1v9115169269za200zd9115169269\u0026rcb=7\u0026aip=1\u0026dma=1\u0026dma_cps=a\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=115938466~115938469~119392696~119392704~119456239~119456247\u0026z=1334441847","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://headcage.info/Q0g0MS1OMTUxNS1EMDkwNjA2/?u=161C1515\u0026e=cotiy64366%40smlmail.com\u0026s3=\u0026s4=\u0026s5=\u0026s6=\u0026s7=\u0026s8=","date":"2026-06-12T09:05:46.201Z","timestamp":1781255146201,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:40:17 GMT","end":"Mon, 17 Aug 2026 08:40:16 GMT"},"fingerprint":{"sha1":"EA:0E:3F:78:A6:BC:42:4B:F8:83:60:D9:3B:B6:87:D4:0F:35:01:AB","sha256":"79:A1:CD:F5:F5:8B:42:8C:8E:26:8A:CB:4D:BB:80:9F:FA:D9:EB:92:01:B9:42:50:78:FA:9F:C6:BE:F7:9B:65"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-MB2WV0SZV7\u0026cid=555725729.1781255146\u0026gtm=45je66a1v9115169269za200zd9115169269\u0026rcb=7\u0026aip=1\u0026dma=1\u0026dma_cps=a\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=115938466~115938469~119392696~119392704~119456239~119456247\u0026z=1334441847 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://headcage.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Fri, 12 Jun 2026 09:05:46 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":42,"size_decoded":578,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-21T14:30:41.666188Z","times_seen":957369,"resource_available":true,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":2,"connect":16,"send":0,"wait":35,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}