{"report_id":"d2273904-9397-491f-b3ed-726d8455c69c","version":6,"status":"done","tags":[],"date":"2025-08-01T13:39:09Z","url":{"schema":"http","addr":"candydolll.cc/","fqdn":"candydolll.cc","domain":"candydolll.cc","tld":"cc"},"ip":{"addr":"104.21.64.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"http","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"title":"CANDYDOLL"},"submit":{"url":{"schema":"http","addr":"candydolll.cc/","fqdn":"candydolll.cc","domain":"candydolll.cc","tld":"cc"},"ip":{"addr":"104.21.64.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-09-05T13:39:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"t1.gstatic.com","ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-06T22:57:20Z","last_seen":"2025-07-26T02:35:42.007883Z","alert_count":0,"request_count":4,"received_data":4833,"sent_data":2072,"comment":"","tags":null,"fingerprints":null},{"fqdn":"t3.gstatic.com","ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-06T20:15:36Z","last_seen":"2025-07-25T17:53:08.278597Z","alert_count":0,"request_count":3,"received_data":3477,"sent_data":1556,"comment":"","tags":null,"fingerprints":null},{"fqdn":"xfap.top","ip":{"addr":"172.67.131.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-17","domain_rank":0,"first_seen":"2025-05-28T09:21:49.942322Z","last_seen":"2025-07-21T13:58:37.401897Z","alert_count":0,"request_count":1,"received_data":56243,"sent_data":446,"comment":"","tags":null,"fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"t0.gstatic.com","ip":{"addr":"142.250.178.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-06T20:22:05Z","last_seen":"2025-07-26T04:42:39.706294Z","alert_count":0,"request_count":1,"received_data":1687,"sent_data":517,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-07-30T15:14:12.092299Z","alert_count":0,"request_count":1,"received_data":2413,"sent_data":439,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.com","ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":7,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-07-30T15:13:23.39034Z","alert_count":0,"request_count":12,"received_data":11023,"sent_data":5442,"comment":"","tags":null,"fingerprints":null},{"fqdn":"i.imgur.com","ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2009-01-09","domain_rank":5110,"first_seen":"2012-05-21T08:09:36Z","last_seen":"2025-07-31T10:54:52.696186Z","alert_count":0,"request_count":8,"received_data":170274,"sent_data":3363,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"candydollz.top","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-11-16","domain_rank":0,"first_seen":"2024-12-07T03:51:55.896557Z","last_seen":"2025-05-28T09:21:50.367343Z","alert_count":17,"request_count":15,"received_data":30617,"sent_data":7957,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.3.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"MyBB","description":"MyBB is a free and open-source forum software written in PHP.","website":"https://mybb.com","common_platform_enumeration":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","icon":"MyBB.png","categories":["Message boards"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Font Awesome","description":"Font Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}]},{"fqdn":"t2.gstatic.com","ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-07T00:09:56Z","last_seen":"2025-07-28T22:33:25.955257Z","alert_count":0,"request_count":4,"received_data":5112,"sent_data":2077,"comment":"","tags":null,"fingerprints":null},{"fqdn":"use.fontawesome.com","ip":{"addr":"104.21.27.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-10-18","domain_rank":942,"first_seen":"2017-01-30T04:43:25Z","last_seen":"2025-07-30T16:58:12.631706Z","alert_count":0,"request_count":1,"received_data":673380,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"candydolll.cc","ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-04-18","domain_rank":0,"first_seen":"2024-05-13T20:43:36Z","last_seen":"2025-05-28T09:21:50.246222Z","alert_count":0,"request_count":1,"received_data":515,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9b43b8c18b1fe0c62126622e88b7f1ef","sha1":"55311c9946812807a72bdb96acf894f1ec73df66","sha256":"227d7bd2d541c904020eed9733be67c9f8e14a8a59f10d937c2e01986e398d83","sha512":"c345e052e949983fa98e14a9769faa5613539d18b34bab836cb32a1527fb21239fc0eed6d4ba310afaa242c838cc5aa03fe46ee7293561c8b98b3b550f123a08","ssdeep":"","tlshash":"ed414183698d1d35008d60a37d7e28c1dd0be09dbb2cad169b19b8ad63808dd47b95aa","size":2207,"data":"","first_seen":"2025-08-01T13:39:12.915845Z","last_seen":"2025-08-01T13:39:12.915845Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"86d09c00f11a34ef49395ceab782c902","sha1":"3f899636bb799302e7da2f54f7abe09131ce700a","sha256":"1baf79ec6bdd893d2de86736aa3c3a5aec13bd2c31a9094f615c6cc978f7fc3c","sha512":"e31efc009af1a3518e5223f4e3aca96e50807c06035b6935667f5a45e9ac2d6b19bef8809bf76b3b06866c392d210fc875629cc5cdddb1cb576a3b1fe4dfe940","ssdeep":"","tlshash":"94e09a183492682008ab241881bfe694752e2123711afa027d9cdeae2fa02b99645acc","size":389,"data":"","first_seen":"2023-03-07T21:24:09Z","last_seen":"2026-03-29T04:28:31.994376Z","times_seen":110,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3e778a0599600893f6740e061f0db321","sha1":"a9f01d1beac63e231a419894462ddf00adcd86ae","sha256":"391dc11066c3b8e2f89bfe77f24d5ccb9f39c5ab3a499559caa7a4d5a8b175c6","sha512":"60da55c43f8b588bfa9c280f855c11935b06942db1ea1dace8e65dfb315d22cde302286d00ab6e5c4db011f0f37faead51987ed5b9a1fef5123fda6fafad5cc6","ssdeep":"","tlshash":"5ab0929862985b5a02f311986a9814a616708abe816c695b2a05b914a20d84462cae43","size":125,"data":"","first_seen":"2023-03-07T14:37:29Z","last_seen":"2026-03-30T23:26:46.807189Z","times_seen":399,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v5.0.6/js/all.js","fqdn":"use.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"104.21.27.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"44f077b456f3decb0d1b00769927c002","sha1":"7b42e60a6fd997baed4e431486fa8450935226a0","sha256":"1b31afdfd23628d9fb1118e31841278653c4ef36a6d0970c002d43e49b5d1856","sha512":"889f41d88e028ec1a103ad4d338929d7c1d6bf981cbf747823f4412a225e2094cdd39da7917dd979778c458e6d5513b3831439f3d20749e840f58779d6862439","ssdeep":"6144:X6omS9C8TjUhDVXEboc/7A/bc0QnJeyZ5Eh/SU:99C8uE/7gc0N","tlshash":"1ce4b5a8d764a3fc9dc587f9c72024b4b84e51be61e09328d2acc6e072974dce69dcc5","size":672449,"data":"","first_seen":"2023-03-07T01:07:49Z","last_seen":"2026-04-01T00:02:36.964396Z","times_seen":735,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e0e774c6eac4073121eb55b9e21d3511","sha1":"5156ea2435d223d0519ddce05085a2510c7b1807","sha256":"45a342390daafbd778ec29ac08c0cd3273410c225c6c1101306700c811b530b5","sha512":"2fd9fdf983e2f651be2955965a0be96ad581a2544bfd5718d3959966bf6d6ed8a39bce6a3d076b735638bb24d1cfc5646f72ac151c295478abe2361e5298f4d9","ssdeep":"","tlshash":"45a012a1c08c0407823411120c002025202fc4780052de496cb159a050c4706036040a","size":77,"data":"","first_seen":"2023-03-07T01:02:26Z","last_seen":"2026-03-30T23:26:46.808397Z","times_seen":991,"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=nonuboard.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=nonuboard.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuboard.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 332\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:36:53 GMT\r\nexpires: Fri, 01 Aug 2025 14:06:53 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 115\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":245,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":77,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonubook.gr\u0026size=16","fqdn":"t1.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonubook.gr\u0026size=16 HTTP/1.1\r\nHost: t1.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://nonubook.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 239\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 27 Jul 2025 15:12:53 GMT\r\nexpires: Sun, 03 Aug 2025 15:12:53 GMT\r\ncache-control: public, max-age=604800\r\nage: 426355\r\nlast-modified: Wed, 30 Nov 2022 04:04:02 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"2dd22dbc1976568b9db743d2c1e81f3e","sha1":"6ee119b0b351d720d4ccc88f084a84f22bb0dc18","sha256":"44cf871e88d6e51bf2a97efe810eedcebbf0b0435ff1b1c2f51da331c254df73","sha512":"12b4dd764f5d5e17b3b1cd6e07713a96330cbb365cffbfdb65fb20a71178111aae0ddff87fa4c25a124cd5a1a319d4fad9910fe0a4d86d2e34292427351da80b","ssdeep":"","tlshash":"9dd097f692e45ca7c44e02a2c0690201fb300e09a082880a1703e02a676ab2330fed01","first_seen":"2025-06-07T18:44:30.608404Z","last_seen":"2026-03-24T00:37:41.600452Z","times_seen":47,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":100},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/removed.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /removed.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Wed, 14 May 2014 05:44:36 GMT\r\netag: \"d835884373f4d6c8f24742ceabe74946\"\r\ncontent-type: image/png\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\ndate: Fri, 01 Aug 2025 13:38:48 GMT\r\nage: 2072973\r\nx-served-by: cache-bwi5167-BWI, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 1, 871\r\nx-timer: S1754055529.728572,VS0,VE0\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 503\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 161 x 81, 1-bit colormap, non-interlaced","md5":"d835884373f4d6c8f24742ceabe74946","sha1":"20002faf28adfd94ca98cf6ced46f14334b53684","sha256":"9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9","sha512":"f7cbb374bb33e07c89ab322543a335d7f15f192cc607867d6c468caa66a9c462a76fa687d7e77fad6127e94ddccd8c20a056b85378d74841cac0c2b687092fcd","ssdeep":"","tlshash":"81f075f247f52fa4e64f8d35da4c50ca6a24b240388281204367589427230434aad016","first_seen":"2023-04-11T07:45:55Z","last_seen":"2026-04-03T05:18:03.575236Z","times_seen":2709,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=candydolls.bz","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=candydolls.bz HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://candydolls.bz\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 333\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":287,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":78,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/task.php","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.287Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /task.php HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":1,"connect":50,"send":0,"wait":0,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=useneteens.bz","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=useneteens.bz HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t3.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://useneteens.bz\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 333\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":302,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":136,"dns":0,"connect":20,"send":0,"wait":8,"receive":0,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t3.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuplace.bz\u0026size=16","fqdn":"t3.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuplace.bz\u0026size=16 HTTP/1.1\r\nHost: t3.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://nonuplace.bz/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 276\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 07:40:37 GMT\r\nexpires: Fri, 08 Aug 2025 07:40:37 GMT\r\ncache-control: public, max-age=604800\r\nage: 21491\r\nlast-modified: Sun, 18 Apr 2021 13:47:15 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":276,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"5486bcc01ef9998d63a012540ea4a421","sha1":"826ca2df8f353a18da2c2be57114fed0e7bd5d6a","sha256":"fd96a86fafca1861913d5184536c41927d9930a9e85de82fc8382f1a6d1d96f2","sha512":"fca4568bb59003f09edf877dd5f4276d1d4279685e22d5c35413a8178b6965e12f82ac174b0d953dfb929ac532aec02a560207d33c227553ca5e130cbd865323","ssdeep":"","tlshash":"00d0ebe322eb6cb2b281013806b310ec5cb2293f005a00a4190f93b3430be5800a0580","first_seen":"2025-06-07T18:44:30.574097Z","last_seen":"2026-03-24T00:37:41.616406Z","times_seen":47,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":130,"dns":3,"connect":29,"send":0,"wait":30,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t3.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://art-models.gr\u0026size=16","fqdn":"t3.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://art-models.gr\u0026size=16 HTTP/1.1\r\nHost: t3.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://art-models.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 400\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 31 Jul 2025 14:09:20 GMT\r\nexpires: Thu, 07 Aug 2025 14:09:20 GMT\r\ncache-control: public, max-age=604800\r\nage: 84568\r\nlast-modified: Wed, 29 Nov 2017 12:34:19 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":400,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"b507d8982ca15bc87357b51df1c89ffc","sha1":"5359672ce7a1a36998cb043490eabbc84acc0b25","sha256":"d1c2d1392193223c93802de85928356f31e06d084a1568fe2b4a65b8d402be2c","sha512":"483f6d5bb0eecd93b2a9101b64faea65204c89c38d827b2e9bbe79bbdde8edf04de457dbe9152d05c820dfb6d5649273faefb09678c062c9b711bd8338c01bdf","ssdeep":"","tlshash":"99e0f1e67134d6e0e99012338e3ade729c6812a01ba25ae49d50347d5c1298120e01aa","first_seen":"2025-06-07T18:44:30.576422Z","last_seen":"2026-03-24T00:37:41.588105Z","times_seen":47,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T13:38:46.656Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":169,"dns":0,"connect":47,"send":0,"wait":0,"receive":0,"ssl":67},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/c0EIfww.jpeg","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /c0EIfww.jpeg HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 18 Jun 2025 23:39:17 GMT\r\netag: \"6035f8408eec02e0ad11481c1b4c9957\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: jJvyZ1jE0w-E9wQlaiD4PPSbbz3Ib5UWpfQop3g3IXetd-BRKDTJyQ==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\nage: 1473857\r\nx-served-by: cache-iad-kcgs7200106-IAD, cache-hel1410020-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 16515, 4\r\nx-timer: S1754055528.640322,VS0,VE0\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 23220\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":23220,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 468x67, components 3","md5":"6035f8408eec02e0ad11481c1b4c9957","sha1":"550e87c35e42e9b8b96c3800808a3a4ddb1cfb42","sha256":"acbc8f6c513e7e3aa6a83300e3eafe27bab56c4d2bf4b271497f23b5c3944a94","sha512":"fcd87629e40ef773cca1137bb26424c47a72a182ffa8d9054f766be499429b80837a9e22e38288184da40055be7753b6f68a9130300d23d2cd1757a6cbcb36f9","ssdeep":"384:yeEs+PiBPpoC/NmpbC90MnpSOMJ/19tXBQLPA87LiDFaTGppA9t5Wi7qYsWMWLzn:fh+PNC/UglpSx19tXBAj7Lf8A9t5dsrw","tlshash":"9da2e100df19a6a6186701ffa0e229bedffe5d82e72202125e311863b5f5d9790d0c8f","first_seen":"2025-06-30T17:31:05.790388Z","last_seen":"2026-03-30T23:26:46.787542Z","times_seen":44,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":230,"dns":0,"connect":13,"send":0,"wait":14,"receive":6,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/cache/themes/theme3/global.css?t=1744712241","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.352Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /cache/themes/theme3/global.css?t=1744712241 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":0,"dns":0,"connect":46,"send":0,"wait":0,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/FtRMJJL.jpeg","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /FtRMJJL.jpeg HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 17 Jun 2025 02:00:43 GMT\r\netag: \"b2b49c6d44670c2f8b0ba33cff3dc9bf\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: 5g2TFHE_8e75qG3KbdZFEb6osBbLaPU-P2cVf4We8XJseMTFAhdwFw==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 2704523\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\nx-served-by: cache-iad-kcgs7200140-IAD, cache-hel1410020-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 98, 0\r\nx-timer: S1754055528.649840,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 13317\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":13317,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 469x67, components 3","md5":"b2b49c6d44670c2f8b0ba33cff3dc9bf","sha1":"43f55ebdd24714e8fe9b69746f9c2d6d4bda4d71","sha256":"0d4107fbfec4ad0cc590e18f92b24328fba8f35b062e17679ac6d21664f3e30f","sha512":"6b9da62b353a3bc4caea83f7cfe2dd36198d94db283e46a17d1900aa21055d59a2e579329381d19ae0feb17745e36d0616776c7edcf5fa6ee8beb6af6c2d313b","ssdeep":"384:y7gEiLNWXCuMcKAV0GuHlezyF5GtGbn6ABFVU:ivGWc20byC7bd7VU","tlshash":"7152bf0bd829024249797afb8cd350be4f73e608f368370b64ad9869e254ba8409c77c","first_seen":"2025-08-01T13:39:12.899085Z","last_seen":"2026-03-24T00:20:56.201837Z","times_seen":20,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":228,"dns":0,"connect":13,"send":0,"wait":25,"receive":15,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xfap.top/wp-content/uploads/xfap468.gif","fqdn":"xfap.top","domain":"xfap.top","tld":"top"},"ip":{"addr":"172.67.131.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xfap.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Jun 2025 13:04:40 GMT","end":"Sat, 13 Sep 2025 14:03:25 GMT"},"fingerprint":{"sha1":"45:AC:3E:85:49:99:39:F4:F5:58:22:35:19:04:D4:34:6B:FC:BA:B4","sha256":"BB:8C:CE:4A:AA:7F:6A:0A:20:BE:46:8F:8D:5F:28:F0:05:BD:2A:45:E7:EA:F7:4A:42:78:19:C8:51:C8:03:C7"}}},"request":{"raw":"GET /wp-content/uploads/xfap468.gif HTTP/1.1\r\nHost: xfap.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\ncontent-type: image/gif\r\ncontent-length: 55180\r\ncache-control: public, max-age=31536000\r\nexpires: Sat, 04 Jul 2026 06:57:10 GMT\r\netag: \"d78c-65f7c56f-80975;;;\"\r\nlast-modified: Mon, 18 Mar 2024 04:39:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nx-xss-protection: 1;mode=block\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nx-powered-by: WPTangTocOLS\r\npermissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 2443293\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FEuaovk3Vh13kH9gmlPoxWpk%2FiCdvGuo92ElPLgk5rIdcbueB5twuSIPGBv9X%2FyLzbdsKXZymdBhYqyXigdYa0dZDJ2MMQ%3D%3D\"}]}\r\ncf-ray: 9685bce79ec456b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":55180,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 468 x 58","md5":"b26ba0f0086d4a2e0ccee60e49f33e73","sha1":"e1b71ea5f8f15b312a8f0a7f3c41f39417017306","sha256":"615a59b941f48b83ba97f2fd94812f0aa4ec439cfab2328ef481c7e5cbe9bab7","sha512":"65c45208dc8e30f9e3956817e6ded6df37f60bb711aea8373e7d1309ce7b463363103d77b5964703e5b52b54da9c173624fba5a85e815c7e2d027b318d603fc0","ssdeep":"1536:d6l0Tjr5gsYbUhSqsutLLOyj/6iJGC2Nx6i:d158bJ5uNR+5","tlshash":"fb430250380ad09b5dbe2fd58d6203c3b6f75c59a4229229fe68bbdd3530d73d9988c0","first_seen":"2025-01-04T06:11:18.504745Z","last_seen":"2026-03-22T19:42:52.877449Z","times_seen":45,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":227,"dns":0,"connect":1,"send":0,"wait":14,"receive":3,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/jscripts/jquery.plugins.min.js?ver=1821","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.608Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jscripts/jquery.plugins.min.js?ver=1821 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":0,"dns":5,"connect":50,"send":0,"wait":0,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"i.imgur.com/ABb8xPB.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":80,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.517Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /ABb8xPB.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nConnection: close\r\nContent-Length: 0\r\nRetry-After: 0\r\nLocation: https://i.imgur.com/ABb8xPB.png\r\nAccept-Ranges: bytes\r\nDate: Fri, 01 Aug 2025 13:38:48 GMT\r\nX-Served-By: cache-hel1410020-HEL\r\nX-Cache: HIT\r\nX-Cache-Hits: 0\r\nX-Timer: S1754055529.550267,VS0,VE0\r\nStrict-Transport-Security: max-age=300\r\nAccess-Control-Allow-Methods: GET, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nServer: cat factory 1.0\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":503,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":2,"dns":3,"connect":18,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/jscripts/jquery.js?ver=1823","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.336Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jscripts/jquery.js?ver=1823 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":127,"dns":1,"connect":52,"send":0,"wait":0,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/jscripts/jquery.plugins.min.js?ver=1821","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.340Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jscripts/jquery.plugins.min.js?ver=1821 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":0,"dns":0,"connect":51,"send":0,"wait":0,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://fashion-models.gr\u0026size=16","fqdn":"t2.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://fashion-models.gr\u0026size=16 HTTP/1.1\r\nHost: t2.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/png\r\ncontent-location: http://fashion-models.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 911\r\ndate: Fri, 01 Aug 2025 13:38:48 GMT\r\nexpires: Fri, 08 Aug 2025 13:38:48 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Wed, 29 Nov 2017 12:34:19 GMT\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":911,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"6b730a91c0a831bbd799f91354a126a6","sha1":"3882dd5363582a37caf556334e13e665df9a430e","sha256":"ab53add221978d405cc0339b754118ca18bf1b86b1addcf5168b06f2f3949688","sha512":"7392a96ac0f8e988a6ee0c6e88d96882fdb8ee749597e24b2bb60394a995ba8769eb9e2c64703b00b0159fd026a7d0ca89252069c76fa2898e7770545af0237a","ssdeep":"","tlshash":"d411bbe7abd136e495d280485077e9e2b58586cc614432406505c4a90307be64b929ce","first_seen":"2025-06-07T18:44:30.601019Z","last_seen":"2026-03-24T00:37:41.567094Z","times_seen":47,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=modelsblog.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=modelsblog.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://modelsblog.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 333\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:36:53 GMT\r\nexpires: Fri, 01 Aug 2025 14:06:53 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 115\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":288,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":176,"timings":{"blocked":83,"dns":0,"connect":7,"send":0,"wait":9,"receive":0,"ssl":75},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t0.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonublog.gr\u0026size=16","fqdn":"t0.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonublog.gr\u0026size=16 HTTP/1.1\r\nHost: t0.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://nonublog.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 856\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 08:51:39 GMT\r\nexpires: Fri, 08 Aug 2025 08:51:39 GMT\r\ncache-control: public, max-age=604800\r\nage: 17230\r\nlast-modified: Wed, 29 Nov 2017 12:34:19 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":856,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced","md5":"a776f3e920de9c88b1e51b5cd8a0cad4","sha1":"c01f4166060cf9bfbdda0789d88af8d79a9b85b6","sha256":"d3fd54fcd138c05fbd11e1b6f3ca604fd8a7f34484e09b23800a6f9c56e48601","sha512":"8eada80a069dcd5547d40b2a3b4fa4911785fa6206c6b0e60d1f91ca370b5672276204b4596d3bc2d84aa7e3f80de6d0621cedfcb546ee61cc883b6efbdc6d5e","ssdeep":"","tlshash":"4211da4710a088a1c1f352f6810e6d07c3999e150e6155477399dde9f2d2b3953fb8dc","first_seen":"2025-06-07T18:44:30.588779Z","last_seen":"2026-03-24T00:37:41.545678Z","times_seen":44,"resource_available":false,"data":null}},"time_used":926,"timings":{"blocked":452,"dns":6,"connect":15,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/cache/themes/theme3/css3.css?t=1744712241","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.350Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /cache/themes/theme3/css3.css?t=1744712241 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":112,"dns":0,"connect":50,"send":0,"wait":0,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/images/collapse.png","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.281Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /images/collapse.png HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":120,"dns":0,"connect":50,"send":0,"wait":0,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuville.gr\u0026size=16","fqdn":"t2.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuville.gr\u0026size=16 HTTP/1.1\r\nHost: t2.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://nonuville.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 305\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 26 Jul 2025 23:30:58 GMT\r\nexpires: Sat, 02 Aug 2025 23:30:58 GMT\r\ncache-control: public, max-age=604800\r\nage: 482870\r\nlast-modified: Tue, 18 Jun 2019 22:21:02 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":305,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"61f98b6b56a49a3f9a9ec4228516e0e9","sha1":"7f8cb239a7397863b71101f41810a4f6bb219885","sha256":"0f04b546901797ff773e43a56867d14d7e2472d402fee9dae6e570a23597cab6","sha512":"5c4b49ab59c085869949fb917c6e86f90a81dc974cec4da786cfababc4e3ebbe243cbaa66d216c287c125fe6f29880af87b4de43ede0a323c0c7ac5412fc5cf8","ssdeep":"","tlshash":"3fe07dfe56635c2994a919249cadb791a4795110a24c437503cc816856475680134e86","first_seen":"2025-06-07T18:44:30.577502Z","last_seen":"2026-03-24T00:37:41.537431Z","times_seen":47,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":112,"dns":1,"connect":15,"send":0,"wait":17,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Lobster","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"DF:A1:DB:1F:BC:5E:31:D7:F8:FE:26:E3:B9:B3:02:98:B1:C8:50:EC","sha256":"A2:57:20:B6:AE:46:89:B9:39:C7:57:9B:1E:43:96:E3:5A:BC:7E:3F:1D:18:10:34:CC:53:3D:DB:78:4E:5C:21"}}},"request":{"raw":"GET /css?family=Lobster HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 01 Aug 2025 13:38:47 GMT\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1727,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"47b286341e8409e053caf018a03bca0b","sha1":"d91320b336cc652d7a8325dd7d8e325cd24c3729","sha256":"4ed193ba40a9ac2433ee86f67080e1e92502d04b14792491a46238e3a845c099","sha512":"dfb62adadb62957e209a9355f53a72b4661bb4d0fb2575bd029815af9746e4acbc02bcfd040e2f5f287eba83d6ef85fca8eaa238078431b172a748b14670b937","ssdeep":"","tlshash":"7a31d095802ba400af833cd523de7e36dd5eb1443440e8366bfd1c6caca6d3653a0b1e","first_seen":"2025-06-03T14:44:56.254831Z","last_seen":"2025-09-08T18:21:29.809471Z","times_seen":101,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":96,"dns":0,"connect":10,"send":0,"wait":20,"receive":0,"ssl":111},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=fashion-models.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=fashion-models.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://fashion-models.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 337\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":911,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":312,"timings":{"blocked":152,"dns":0,"connect":9,"send":0,"wait":9,"receive":0,"ssl":136},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t3.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://useneteens.bz\u0026size=16","fqdn":"t3.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://useneteens.bz\u0026size=16 HTTP/1.1\r\nHost: t3.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://useneteens.bz/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 302\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 30 Jul 2025 01:57:38 GMT\r\nexpires: Wed, 06 Aug 2025 01:57:38 GMT\r\ncache-control: public, max-age=604800\r\nage: 214870\r\nlast-modified: Wed, 22 Jan 2020 22:30:53 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":302,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"c13483efb559a63cc8f8a15cf69f3163","sha1":"cb52ec54695abfdf79766670a8c8a313e366834e","sha256":"76645693eb163afe4bde56c6f7c66909484c4c39498847f386f7bbc744ebf162","sha512":"f81145ae54734cc0bd2d904101ef84e906f95f3892cf2d57dbf22c85ac737b818a3d0fbd07fb4deacb5c77c55ca742cb7b4e408cd04424591ca691764de45353","ssdeep":"","tlshash":"a5e0b7d2b0000c2ec18400b10c431cdfdc104078c0a107d315f5815b303d70c4178fc7","first_seen":"2025-06-07T18:44:30.57535Z","last_seen":"2026-03-24T00:37:41.561596Z","times_seen":47,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":99,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=nonublog.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=nonublog.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t0.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonublog.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 331\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:36:53 GMT\r\nexpires: Fri, 01 Aug 2025 14:06:53 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 115\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":856,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":76,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/mGVKbsp.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /mGVKbsp.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 18 Jun 2025 23:00:28 GMT\r\netag: \"1b5350301650b8b41244e3eee6a3223f\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: eApyo8WzlTZqILiPSA_f7vMYo_NXr3W7aX5jSQKLdu77mhgA6el4Yw==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\nage: 2610643\r\nx-served-by: cache-iad-kiad7000168-IAD, cache-hel1410020-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 50, 4\r\nx-timer: S1754055528.650450,VS0,VE0\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 69203\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69203,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 472 x 68, 8-bit/color RGB, non-interlaced","md5":"1b5350301650b8b41244e3eee6a3223f","sha1":"a4743d1e78aa9870b037008ee9ce670101056dfd","sha256":"63dee89c07540eaccf2037ab1deb06857c630368d76c28214892a3ee290344a1","sha512":"76d01cc7e663e04013dc7197a5aaa0989ae3c6ff1a16f1f537b0a3384434eb8737641cacb86203fd6c7581a5cb998b2cd12c8e62c69f64c92cd9da4387713e4a","ssdeep":"1536:ppz4NlHpjB/ngssXcAEtZyULQCVDpbspuBpUvlARwtGq7C5+xYc:ppzgLjFDAEnLGpuBpUSwtzfxYc","tlshash":"01631227c873bb7593388406141dc0fec9811693d6ef18481debbaa65e859cdfc3b19a","first_seen":"2025-08-01T13:39:12.907856Z","last_seen":"2026-03-30T23:26:46.783187Z","times_seen":50,"resource_available":false,"data":null}},"time_used":328,"timings":{"blocked":231,"dns":0,"connect":13,"send":0,"wait":24,"receive":17,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuboard.gr\u0026size=16","fqdn":"t1.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuboard.gr\u0026size=16 HTTP/1.1\r\nHost: t1.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://nonuboard.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 245\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 28 Jul 2025 00:53:41 GMT\r\nexpires: Mon, 04 Aug 2025 00:53:41 GMT\r\ncache-control: public, max-age=604800\r\nage: 391507\r\nlast-modified: Wed, 11 Apr 2018 06:27:24 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":245,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"ec7248bca28ec8cb09a23dcaace4a9f7","sha1":"a267da8b0abf1367feb99cad7777fb2bd15ed9a4","sha256":"d4031978b37a4bb97ba2ed0b43a30f28268d00306883c149a02c852e93a89f72","sha512":"a81193627aa3b2f52a227cfdd33a0c7bdc2a4a73e989914268a2ea0865c7433a04fa92a05e1138b44ab5ace5d238b399d634f2336485b7615a4b0a8cd96f0b1f","ssdeep":"","tlshash":"50d022fe72a45b3ddc2a251249d79090de11e23c068c8397833a886bd41002ce174e8f","first_seen":"2025-06-07T18:44:30.607423Z","last_seen":"2026-03-24T00:37:41.602958Z","times_seen":47,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":93,"dns":8,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/cache/themes/theme3/css3.css?t=1744712241","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.033Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /cache/themes/theme3/css3.css?t=1744712241 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":117,"dns":0,"connect":47,"send":0,"wait":0,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=nnmodels.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=nnmodels.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nnmodels.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 331\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":290,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":83,"dns":0,"connect":20,"send":0,"wait":9,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://candydolls.bz\u0026size=16","fqdn":"t2.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://candydolls.bz\u0026size=16 HTTP/1.1\r\nHost: t2.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://candydolls.bz/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 287\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:38:48 GMT\r\nexpires: Fri, 08 Aug 2025 13:38:48 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Thu, 30 Aug 2018 12:49:40 GMT\r\ncontent-type: image/png\r\nage: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":287,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"e208aec3d23de690a74cffe23fddd383","sha1":"24cccf8ec4395be61aceb818053fb7b872066d63","sha256":"4f89783991b10a3d3c054ac97cdce70c02b30bb355c105c75aa1473a3c37dbd4","sha512":"ef1aade79932ca43bb09d457aa72983dabc6717042a2c3215c734f8f23a9d29fe5ed9ecdf9d8c16eb806c3a6d22fbce819cef267cd76ba6e2f0cd981d297c029","ssdeep":"","tlshash":"63d0e7f03bd77cb4345433f72305b0947c61475d424403602b51dd507550964dcd4d3a","first_seen":"2025-06-07T18:44:30.572716Z","last_seen":"2026-03-24T00:37:41.60132Z","times_seen":47,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":140,"dns":9,"connect":17,"send":0,"wait":26,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"use.fontawesome.com/releases/v5.0.6/js/all.js","fqdn":"use.fontawesome.com","domain":"fontawesome.com","tld":"com"},"ip":{"addr":"104.21.27.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"use.fontawesome.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 02 Jul 2025 01:25:22 GMT","end":"Tue, 30 Sep 2025 02:25:16 GMT"},"fingerprint":{"sha1":"DA:FB:BC:1A:2B:40:16:07:27:DC:AC:27:1C:83:0A:53:D4:C7:76:89","sha256":"9D:29:3F:F4:AE:5F:81:A2:AC:DA:2A:E5:E7:B6:28:70:ED:CA:69:A2:02:75:E1:B5:87:B8:5B:08:2B:9B:62:7E"}}},"request":{"raw":"GET /releases/v5.0.6/js/all.js HTTP/1.1\r\nHost: use.fontawesome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\ncontent-type: application/javascript\r\ncache-control: max-age=31556926\r\netag: W/\"44f077b456f3decb0d1b00769927c002\"\r\nlast-modified: Fri, 22 Sep 2023 01:44:11 GMT\r\nvary: Accept-Encoding\r\nage: 26876\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=jVuFPWSOpzrHYwTa7Rh0wz0nefLyN3UQ99MGSFPCRL%2FoqHILVd2SFp2K17GGXyjhmcdflo5g3iwTn56hlWipzBIdReOojL2%2FfwAmO1zdUPqFsJNszLuNamEr6aY2dgn6K5IyGEXI\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9685bce5eabe0b02-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=501\u0026min_rtt=452\u0026rtt_var=117\u0026sent=6\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=3275\u0026recv_bytes=1209\u0026delivery_rate=7771019\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=8f3b93c193f4f765\u0026ts=48\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":672449,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65358)","md5":"44f077b456f3decb0d1b00769927c002","sha1":"7b42e60a6fd997baed4e431486fa8450935226a0","sha256":"1b31afdfd23628d9fb1118e31841278653c4ef36a6d0970c002d43e49b5d1856","sha512":"889f41d88e028ec1a103ad4d338929d7c1d6bf981cbf747823f4412a225e2094cdd39da7917dd979778c458e6d5513b3831439f3d20749e840f58779d6862439","ssdeep":"6144:X6omS9C8TjUhDVXEboc/7A/bc0QnJeyZ5Eh/SU:99C8uE/7gc0N","tlshash":"1ce4b5a8d764a3fc9dc587f9c72024b4b84e51be61e09328d2acc6e072974dce69dcc5","first_seen":"2023-03-07T01:07:49Z","last_seen":"2026-04-01T00:02:36.964396Z","times_seen":735,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":30,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/ABb8xPB.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /ABb8xPB.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nretry-after: 0\r\nlocation: https://i.imgur.com/removed.png\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Fri, 01 Aug 2025 13:38:48 GMT\r\nx-served-by: cache-iad-kiad7000037-IAD, cache-hel1410020-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 0, 0\r\nx-timer: S1754055529.570747,VS0,VE118\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":503,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/images/collapse.png","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.355Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /images/collapse.png HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":360,"timings":{"blocked":232,"dns":0,"connect":53,"send":0,"wait":0,"receive":0,"ssl":75},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/l1Rxlci.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /l1Rxlci.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Wed, 13 Sep 2023 07:55:25 GMT\r\netag: \"ddfefe5b83954a203bb9344888cf31fe\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: MIA3-C4\r\nx-amz-cf-id: TuDYbdwA9TxkAYB_5G_iP1QS72lK9OYtqxtoRdVfADJkAeyda3Jw3A==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 2062631\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\nx-served-by: cache-iad-kcgs7200161-IAD, cache-hel1410020-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 14290, 0\r\nx-timer: S1754055528.641632,VS0,VE2\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 39984\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":39984,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 472 x 68, 8-bit/color RGB, non-interlaced","md5":"ddfefe5b83954a203bb9344888cf31fe","sha1":"98c075a5c158d98c30e8b5f6b51ef5e1daedafad","sha256":"7b531b286b50015d92da2212a2eb800e6ae70e877ef0e3b44b4112233cea5e7c","sha512":"c499a924ef50469244c9beee3c278279e3cdc038b1af9b65283a344b37d27a0ff4c45c6bcd412c43fc4f56ff207983289c2a3d60a373544c25369992b003cf6b","ssdeep":"768:PEO+5pwuxqvDAO+bGrAWB58vtNUfj3+SnnqJtwhh3fo12L49:PEO+5hqb+b+AWBoANnnrhhAALU","tlshash":"1c03f2bb01ba9785d17c1833696d148014263d02e7a34f9bb884edd0bd09bbd74dce2e","first_seen":"2024-01-25T18:06:31Z","last_seen":"2026-03-26T07:03:06.335434Z","times_seen":55,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":229,"dns":0,"connect":13,"send":0,"wait":18,"receive":10,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/jscripts/general.js?ver=1821","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.797Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jscripts/general.js?ver=1821 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":119,"dns":0,"connect":47,"send":0,"wait":0,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=art-models.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=art-models.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t3.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://art-models.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 333\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:36:53 GMT\r\nexpires: Fri, 01 Aug 2025 14:06:53 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 115\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":400,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":351,"timings":{"blocked":169,"dns":0,"connect":9,"send":0,"wait":10,"receive":0,"ssl":158},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=nonuville.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=nonuville.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuville.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 332\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":305,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":77,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://models-me.bz\u0026size=16","fqdn":"t1.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://models-me.bz\u0026size=16 HTTP/1.1\r\nHost: t1.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://models-me.bz/wp-content/uuploads/2018/06/favicon-32x32.png\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 695\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 30 Jul 2025 12:07:43 GMT\r\nexpires: Wed, 06 Aug 2025 12:07:43 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Sat, 03 Nov 2018 05:51:55 GMT\r\ncontent-type: image/png\r\nage: 178265\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":695,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"ea61cd46fdfd4aa342c992126d055279","sha1":"a05dbb9c9e9f6cd2665acd5fd0b294c4277ba40c","sha256":"d05c6a69b4c06737dc4d161468b0e1c5a90defd66dd032897bdc81547debb0a5","sha512":"c18813e60008ba2873405b80cc897bf0ba395dd84764ccd90a15bf7aff044c7bd6331fc1a26ffc66b4e323cadbd1bdd74ca78b7d83bf5d20449f7921269bbd9f","ssdeep":"","tlshash":"020144c632d0ac38e7de013d4b7a9810685516a2479122afebd8065f8138a4cb9e4fa2","first_seen":"2025-06-07T18:44:30.605169Z","last_seen":"2026-03-24T00:37:41.609617Z","times_seen":47,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":126,"dns":22,"connect":28,"send":0,"wait":29,"receive":0,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydolll.cc/","fqdn":"candydolll.cc","domain":"candydolll.cc","tld":"cc"},"ip":{"addr":"104.21.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T13:38:46.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"candydolll.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 06 Jun 2025 09:03:29 GMT","end":"Thu, 04 Sep 2025 10:01:48 GMT"},"fingerprint":{"sha1":"30:98:16:70:94:2C:19:EC:F3:CE:9A:1E:03:B7:AD:0A:6C:5C:96:D8","sha256":"C3:3B:62:45:26:33:6D:07:3A:09:59:94:90:99:67:3B:5D:61:97:8C:DD:F8:51:B4:28:63:C9:70:21:BD:4E:0B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: candydolll.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Fri, 01 Aug 2025 13:38:46 GMT\r\nlocation: https://candydollz.top\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CPFx%2FDK0N%2FAloBRig%2BPx2CJvWMxyNWXOsgedcvugseK7MkzmmWzB2Ui2f8zFmX57PZXci1mg4ZH0gmvd5mpE9XPKPcAuicWTeeHD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9685bce17d1556cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":58,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":8,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"candydollz.top/","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-01T13:38:47.018Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 01 Aug 2025 13:38:47 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.3.33\r\nCache-Control: no-cache, private\r\nSet-Cookie: mybb[lastvisit]=1754055527; expires=Sat, 01-Aug-2026 13:38:47 GMT; path=/; domain=.candydollz.top\nmybb[lastactive]=1754055527; expires=Sat, 01-Aug-2026 13:38:47 GMT; path=/; domain=.candydollz.top\nsid=e4b6c6607614d24e3df07b57a7a707e0; path=/; domain=.candydollz.top; HttpOnly\r\nX-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\nX-Nginx-Upstream-Cache-Status: MISS\r\nX-Server-Powered-By: Engintron\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.3.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"MyBB","description":"MyBB is a free and open-source forum software written in PHP.","website":"https://mybb.com","common_platform_enumeration":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","icon":"MyBB.png","categories":["Message boards"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Font Awesome","description":"Font Awesome is a font and icon toolkit based on CSS and Less.","website":"https://fontawesome.com/","common_platform_enumeration":"","icon":"Font Awesome.svg","categories":["Font scripts"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":29923,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (442), with CRLF, LF line terminators","md5":"97791aa9df0a7949a6cfde08cf525320","sha1":"621fcf9abb1a66b3397c14df56b8e25d5325ae59","sha256":"290fcb6607f9f715627e12166a871b0343777f09725fada6751463a419f1a802","sha512":"99bf3e6ea4a08b37c69daa01b89c1e335d8dc5225ba577b946d6c667355a14019a3deb7e2e76cf9ea610618b62dbeb2c7c6d715b9cbe370f67047c04e2e17a1c","ssdeep":"384:22w40jvNiWgWQWJ2NArO588SQ4DJDKV7fe6Gryq+H3Mbt10drft:50TK588bv79mR10lt","tlshash":"e0d2d92370c9ba3b03a386e6b1312b9ed5f7d07cd7a50802b1f519676bc5fc5a0a7189","first_seen":"2025-08-01T13:39:12.912717Z","last_seen":"2025-08-01T13:39:12.912717Z","times_seen":1,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":49,"dns":1,"connect":49,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"","description":"","date":"2025-08-01T13:38:47Z","timestamp":1754055527,"ip_dst":{"addr":"176.123.0.55","port":80,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"ip_src":{"addr":"172.18.0.13","port":49054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to a *.top domain","source":"{\"timestamp\":\"2025-08-01T13:38:47.221964+0000\",\"flow_id\":108275108890022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.13\",\"src_port\":49054,\"dest_ip\":\"176.123.0.55\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2023882,\"rev\":5,\"signature\":\"ET INFO HTTP Request to a *.top domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2017_02_07\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"candydollz.top\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":728},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":671,\"bytes_toclient\":7710,\"start\":\"2025-08-01T13:38:47.017830+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=nonuplace.bz","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=nonuplace.bz HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t3.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonuplace.bz\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 332\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":276,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":78,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/juEvBkF.jpeg","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /juEvBkF.jpeg HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\nlast-modified: Wed, 18 Jun 2025 23:20:11 GMT\r\netag: \"8c5bad72d202f13aa411c4ff510bc0d1\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: px_8w24UTmqLkHhusgek6t54q3cWh71wRgZ_yGiQndwAEjwJAGzdnQ==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\ndate: Fri, 01 Aug 2025 13:38:47 GMT\r\nage: 2704026\r\nx-served-by: cache-iad-kjyo7100060-IAD, cache-hel1410020-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 25182, 3\r\nx-timer: S1754055528.648708,VS0,VE0\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 17763\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":17763,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 468x67, components 3","md5":"8c5bad72d202f13aa411c4ff510bc0d1","sha1":"84f6372c3aed16cf98b905253845627ce440f3b6","sha256":"505a5359886067ba86f331ac8238f3d4d527db17f9be381b87e42d46e10077bf","sha512":"74aafa87c51163341efda7a3b2c403b51f95ca610f5bd49f00ab1781b02afba4eef509739ec22972d4af211be5288b52b1c650169d56d977504367b4f3451a80","ssdeep":"384:ye/fgmM7aCbN5fnGri+UVLfiBhpRGEBX2mVPM2HSFRRQvZsZ7:f/fg/bbDiivfiBhDGoX2+HyF7MZG7","tlshash":"cc82d174c02a27d3a34c5abb38ec524403ea1a15f94e2d957fc512708ecceba6d53b65","first_seen":"2025-06-30T17:31:05.761424Z","last_seen":"2026-03-30T23:26:46.805444Z","times_seen":42,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":234,"dns":0,"connect":13,"send":0,"wait":22,"receive":3,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/cache/themes/theme3/global.css?t=1744712241","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.036Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /cache/themes/theme3/global.css?t=1744712241 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":52,"send":0,"wait":0,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=nonubook.gr","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=nonubook.gr HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nonubook.gr\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 331\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:36:53 GMT\r\nexpires: Fri, 01 Aug 2025 14:06:53 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 115\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":239,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":146,"dns":0,"connect":9,"send":0,"wait":8,"receive":0,"ssl":136},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/s2/favicons?domain=models-me.bz","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:54 GMT","end":"Mon, 29 Sep 2025 08:35:53 GMT"},"fingerprint":{"sha1":"F3:96:6E:68:01:34:12:AD:6A:03:D8:EF:BD:47:E1:FD:A4:AA:FB:C5","sha256":"BF:6D:12:A9:D7:AB:31:65:56:63:8F:97:4E:12:51:58:55:9A:75:81:94:F8:34:D1:46:46:48:4B:34:CB:8A:9E"}}},"request":{"raw":"GET /s2/favicons?domain=models-me.bz HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\nlocation: https://t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://models-me.bz\u0026size=16\r\nx-content-type-options: nosniff\r\nserver: sffe\r\ncontent-length: 332\r\nx-xss-protection: 0\r\ndate: Fri, 01 Aug 2025 13:18:12 GMT\r\nexpires: Fri, 01 Aug 2025 13:48:12 GMT\r\ncache-control: public, max-age=1800\r\ncontent-type: text/html; charset=UTF-8\r\nage: 1236\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":695,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":77,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t1.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://modelsblog.gr\u0026size=16","fqdn":"t1.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://modelsblog.gr\u0026size=16 HTTP/1.1\r\nHost: t1.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://modelsblog.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 288\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 28 Jul 2025 13:35:59 GMT\r\nexpires: Mon, 04 Aug 2025 13:35:59 GMT\r\ncache-control: public, max-age=604800\r\nage: 345769\r\nlast-modified: Tue, 18 Jun 2019 21:21:56 GMT\r\ncontent-type: image/png\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":288,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"fb5a29b57ae3e8de13d2e03cd3fc7210","sha1":"c145ef33526d61b4d1bd700aef671365cb418613","sha256":"7178d82a34bef99f152bb52d30913b266748dd4e3f674d7ecd3887bece46b710","sha512":"39705d364e277f12da67f2e130f8c97b35839236a5bbfe776f60eee09418f5f4b50b844dc17e0299edd834e7f876eb54c4ba500aea5b5bfdbbe2b13915925287","ssdeep":"","tlshash":"ddd0e7b9c7092850cecf82516dcfa7549f6505dc4342118c0750cc03892504d8491fc1","first_seen":"2025-06-07T18:44:30.581915Z","last_seen":"2026-03-24T00:37:41.587386Z","times_seen":47,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":149,"dns":26,"connect":14,"send":0,"wait":29,"receive":0,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t2.gstatic.com/faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nnmodels.gr\u0026size=16","fqdn":"t2.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.68","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:48.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 07 Jul 2025 08:35:11 GMT","end":"Mon, 29 Sep 2025 08:35:10 GMT"},"fingerprint":{"sha1":"43:A0:95:35:FB:C7:02:15:92:9E:20:20:0D:0A:E7:8F:93:61:52:CD","sha256":"F1:59:AE:4E:F0:84:C7:D9:0F:67:4F:CB:FE:A6:ED:7D:47:17:4F:83:AA:B4:ED:FE:F5:F2:69:A8:AB:43:0E:0B"}}},"request":{"raw":"GET /faviconV2?client=SOCIAL\u0026type=FAVICON\u0026fallback_opts=TYPE,SIZE,URL\u0026url=http://nnmodels.gr\u0026size=16 HTTP/1.1\r\nHost: t2.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://candydollz.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-location: http://nnmodels.gr/favicon.ico\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"media-favicon\"\r\nreport-to: {\"group\":\"media-favicon\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/media-favicon\"}]}\r\ncontent-length: 290\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 31 Jul 2025 08:05:55 GMT\r\nexpires: Thu, 07 Aug 2025 08:05:55 GMT\r\ncache-control: public, max-age=604800\r\nlast-modified: Sun, 13 Nov 2022 17:24:55 GMT\r\ncontent-type: image/png\r\nage: 106373\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"629d2ece19c0794ca2077763421e4737","sha1":"c1e5e7032ed1e0e04d447a872fb73e1155b48f21","sha256":"e824f71fe508eff42b6a48b34e1fffe2d48b3ba02ef38a72670ec9894ba44f9d","sha512":"e3e728da2ac6d0e919c4f0e74212026abd124a7e3734e336ce59cfe442e2512c596b2b40e7970304017cca4e4e53b206cd609b54b803b2a3859769efa9dea5bb","ssdeep":"","tlshash":"bad0e7931a043df4d4b9f323149680d98f3153665004ad33771f14d11d4b54850a4c40","first_seen":"2025-06-07T18:44:30.591479Z","last_seen":"2026-03-24T00:37:41.623516Z","times_seen":47,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/jscripts/general.js?ver=1821","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.343Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /jscripts/general.js?ver=1821 HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":0,"dns":0,"connect":59,"send":0,"wait":0,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"candydollz.top/task.php","fqdn":"candydollz.top","domain":"candydollz.top","tld":"top"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://candydollz.top/","date":"2025-08-01T13:38:47.368Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /task.php HTTP/1.1\r\nHost: candydollz.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://candydollz.top/\r\nCookie: mybb[lastvisit]=1754055527; mybb[lastactive]=1754055527; sid=e4b6c6607614d24e3df07b57a7a707e0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T03:31:09.46171Z","times_seen":13315120,"resource_available":true,"data":null}},"time_used":345,"timings":{"blocked":218,"dns":127,"connect":177,"send":0,"wait":0,"receive":0,"ssl":66},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-01","alert":"Sinkholed","trigger":"candydollz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}