{"report_id":"d23b65c0-aa00-4ab4-ac1c-03f165ca7d74","version":6,"status":"done","tags":[],"date":"2026-04-17T08:04:10Z","url":{"schema":"http","addr":"xurl.es/uhnu0","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"title":"Acortador de URL gratis y sin caducidad | XURL.es","dom":{"size":9859,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"03bbe317e036f3914544317ad88140e6","sha1":"8473c934e34f538007edd8e034d429e769cf557e","sha256":"ed190f91176b350366f533279bb19d5fb151954cb5231d06d205668938da45f7","sha512":"19d2bec0a0ad95462e5ff4a9ba201a526054d1230ff94da321c18df16fcba8526446e9fd04ecabc52060b752b2af053763a19334617c7c39e39bf5dacd224ef1","ssdeep":"192:Y/Q6wgsJhv0MXU4AsG9ihsfaM0aBy0tye455a:Y/nOMMXB09ihF4Tt45a","tlshash":"8912816369f8947711a2819566f0bb0afee3810bd60a9151b2fe47e45fc3cc3c8539ac","dom_hash":"domhasha3aa35d57ebead79e66f56ac3d65d63d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xurl.es/uhnu0","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-22T08:04:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"xurl.es","ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":217678,"first_seen":"2017-02-03T10:09:25Z","last_seen":"2026-04-17T02:00:36.605427Z","alert_count":20,"request_count":5,"received_data":32729,"sent_data":2345,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Bootstrap:5.3.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-04-12T22:35:46.689898Z","alert_count":0,"request_count":2,"received_data":315094,"sent_data":905,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-12T22:16:45.621325Z","alert_count":0,"request_count":2,"received_data":58158,"sent_data":1062,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-12T22:20:19.752051Z","alert_count":0,"request_count":1,"received_data":3188,"sent_data":462,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-04-12T22:24:43.06808Z","alert_count":0,"request_count":1,"received_data":541455,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-04-12T23:11:18.280453Z","alert_count":0,"request_count":1,"received_data":90137,"sent_data":415,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eventHandler","is_inline":false,"md5":"df77988082291012fde0ff4cdc60cb09","sha1":"c9f650aa970d4d846420a4b65debcd883ec8eb03","sha256":"d39e919994374fa210ab781645e6492a1b203ade5faa3402e8902df34b37936c","sha512":"1c97d56ef5f48623d4ea56b1eaa7a7805bada67305311efbda1f0cdf68a3a54ffcfb6acbcbc968c80de4fceab02838cdada1ed8daa62150786e95351cca69266","ssdeep":"","tlshash":"f79004733d53cc330ccd157f50f143c53c17c4013c0170154c050d104155d57403d544","size":44,"data":"","first_seen":"2025-12-24T02:01:04.736345Z","last_seen":"2026-04-19T02:07:02.763737Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/js/funciones.js","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"1c6cc6d87b146b86f572f256ac76a432","sha1":"ba522d25bd364d30c4de1567dd1a9d7a2df60746","sha256":"15b0e5c1021b841b2c6dced075c4236bec5916643a83f9fe8678a133c5ebdfec","sha512":"95d519904358a51dadf46e7320b063b8e11e238b66987696274c1722c2529f07e72b1ef18b8a09f4c0b2e16eae4f798a085067bf2d2a75834801b5fb67236d33","ssdeep":"48:vIRoqqOcOWWVPAsX1ayuzqy+UiYAwF2jHwY8GrAdj7tyqGeuYqhElaObYx0soyuf:6oqqdsX1amwwSdjByf9EE6n","tlshash":"ff81dd946ef22232412331a94bbfd7193a39511f6681fd80be5d9bc01f51719e723f98","size":4141,"data":"","first_seen":"2025-12-24T02:01:04.721869Z","last_seen":"2026-04-19T02:07:02.758691Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e19d6a0e2105121641d284042037b6f1","sha1":"d3e5fc32d7ab8c497b14eaaa0407ddc01ac771d3","sha256":"e141dfcd041ae06795dcc1ba3464820c6ecc7dcae8eca9ba6c400110d36f38ab","sha512":"279468e682fc3ab679dc1fa5b4a790cd1eacbaff6313327a6b55bf4f2c16d1e832911de90b9804fb731edc77c4167aa014e0e3cf2eef250738d58a1387bb104b","ssdeep":"","tlshash":"76c08c88210b0c7041eb2a010b2fb200b00a321694d0da31390ea3044f22e13d754814","size":180,"data":"","first_seen":"2025-12-24T02:01:04.739234Z","last_seen":"2026-04-19T02:07:02.762161Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/sandbox%20eval%20code","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"23c336606ee3a6d444b305153fa0e2e2","sha1":"473a2111970ae2a94b373e656d20c4bd4184d703","sha256":"305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60","sha512":"ab0470885483545a0306733fa3a067239e299e0b47d35f9769a763f65ba5e9d928ee364a66f9e577499ab0c452f34dc7a3a48a774ce3d09e56fd88d1989e84ba","ssdeep":"","tlshash":"d1b09b13a650156d3f1166b1b951a003a1d977055fb75501f006005b1440ea559dc194","size":128,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-04-19T09:53:23.445723Z","times_seen":68868,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"608db0cb095a7f4e20e35b820ae08226","sha1":"424be9990efe12b0463732167bf9d50b3098748c","sha256":"21b2aec54c7bd7f9ad902f21ec95c57eeb2d007e651071eda3bff0aae7ff028e","sha512":"d71ede273da4bc387647f5245f6bda0e3eb7e7a070d83b3dd0209cb5a771a3c8c2b0d2f71bc44e5461ec84a70d01e7cd4cf512da1ece48a8701fbbfd5d85a723","ssdeep":"","tlshash":"01b00273f0c28c7e4032b144227a3508b943011e82909020764d08709f3708ba5044c4","size":88,"data":"","first_seen":"2023-03-07T01:02:51Z","last_seen":"2026-04-19T04:04:45.464244Z","times_seen":656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-N1QPRZJFZ8","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3933443ba91569cbafd6b0898af69cc5","sha1":"8a846caa4192c8f19c5ccfa41ec8b3f854cecb93","sha256":"a9fe185ee0c1ac94caa2097b9d6bbae2e97c86e9825d160f381bc68a2b390bd3","sha512":"032ad2a19d93fa9d43ff0fa0069526197262e081da530ce9c17078f504595ae422a8186aa04fb0677259f24f8fab6ff3205b481ab5862c7c447ad76e2366ed03","ssdeep":"6144:3r4OjKg7CA4MRBZtffJPj8B3U90yIjwcHA6LUgWbe77pka1P9jX9:/7t4MPffJL8EkZ7pkyt","tlshash":"2eb40aceb3c674225396f478903f01cba97b29a2b49cc89ab189ccf02d7455a5177f78","size":540849,"data":"","first_seen":"2026-04-17T08:04:13.306297Z","last_seen":"2026-04-17T15:36:50.438101Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/sandbox%20eval%20code","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"23c336606ee3a6d444b305153fa0e2e2","sha1":"473a2111970ae2a94b373e656d20c4bd4184d703","sha256":"305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60","sha512":"ab0470885483545a0306733fa3a067239e299e0b47d35f9769a763f65ba5e9d928ee364a66f9e577499ab0c452f34dc7a3a48a774ce3d09e56fd88d1989e84ba","ssdeep":"","tlshash":"d1b09b13a650156d3f1166b1b951a003a1d977055fb75501f006005b1440ea559dc194","size":128,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-04-19T09:53:23.445723Z","times_seen":68868,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e477967e482f32e65d4ea9b2fd8e106","sha1":"ddc6e9ead6d16ae9237399ce41e8c1620cc59c36","sha256":"0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c","sha512":"ecf8bfa2d7656db091f8b9d6f85ecfc057120c93ae5090773b1b441db838bd232fcef26375ee0fa35bf8051f4675cf5a5cd50d155518f922b9d70593f161741a","ssdeep":"1536:WmwIiEEO+TBR2t4J9RirWDKsVA5y7fy3YJtC/r/45wZbfbXZTb0WU078:HwORx3YCD45wZbDZTb0g8","tlshash":"ce73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80721,"data":"","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-04-19T09:34:48.809429Z","times_seen":22733,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"2efa45b505fb6ae50affd3673069dcca","sha1":"d6cada66a64c3e11f41a57c66be17e7cf33beaf3","sha256":"436dccac506d8f15513c537bf4bce14a4902851b6ed4bde9d2fa3b27e984f86a","sha512":"3b23911711e645ddd3dff542fa602d0bb99a7d33d6f8e585ba480ec517dc8a56c55ce4d25432ae5068020cad18ee21da6d655d2faae517475e6a5705c4b71a8c","ssdeep":"","tlshash":"da5000000000c0c00000000c00000000003003c30000030000cf0000000000c0000000","size":9,"data":"","first_seen":"2025-12-24T02:01:04.740998Z","last_seen":"2026-04-19T02:07:02.764548Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/sandbox%20eval%20code","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"23c336606ee3a6d444b305153fa0e2e2","sha1":"473a2111970ae2a94b373e656d20c4bd4184d703","sha256":"305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60","sha512":"ab0470885483545a0306733fa3a067239e299e0b47d35f9769a763f65ba5e9d928ee364a66f9e577499ab0c452f34dc7a3a48a774ce3d09e56fd88d1989e84ba","ssdeep":"","tlshash":"d1b09b13a650156d3f1166b1b951a003a1d977055fb75501f006005b1440ea559dc194","size":128,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-04-19T09:53:23.445723Z","times_seen":68868,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e9e391ad98fbe1b2de0b7b4fa9ca904","sha1":"21d7771223e8286a06ad878af425094a40de32b5","sha256":"1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69","sha512":"defa1ba5ce4193014a4657fe394734634087d66c9db8024778ea2c3a59be02e38e0077725c7d000ff7046bea23070594f8942446c6068b4032d329d0716532b0","ssdeep":"","tlshash":"7731650e547cd5f601109cd6e52a3e24a036246b6e1930acf248e2246f3e04ff0ffae9","size":1648,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-04-19T09:53:23.447446Z","times_seen":67115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e9e391ad98fbe1b2de0b7b4fa9ca904","sha1":"21d7771223e8286a06ad878af425094a40de32b5","sha256":"1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69","sha512":"defa1ba5ce4193014a4657fe394734634087d66c9db8024778ea2c3a59be02e38e0077725c7d000ff7046bea23070594f8942446c6068b4032d329d0716532b0","ssdeep":"","tlshash":"7731650e547cd5f601109cd6e52a3e24a036246b6e1930acf248e2246f3e04ff0ffae9","size":1648,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-04-19T09:53:23.447446Z","times_seen":67115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-19T10:13:27.327551Z","times_seen":451939,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e0eaa312c6884ef5f8a21a0ecf300b49","sha1":"11e5e4574ac8c1ced03dde10e12e2c56d936ed17","sha256":"2fd36d4ea04bc5fd73dec2336bbcff253b66d359bdd5af31565d3ba78593318c","sha512":"56d0164b4e2882de90b2815fffc2c468843832736e7e2ef239cfd072a28073fc2184aa1188e6a2060f62c12e821e57f5e15f5ca8356bef301d5845182ecae363","ssdeep":"","tlshash":"70900233f0c18c7e4021b04411693508b543011c8290102066010830953704b95040c4","size":50,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-19T09:26:18.653437Z","times_seen":14338,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"65f175e81c649ff03b5aeea37e448f8c","sha1":"2bdf72fb6154936098106af882c2e5c0ad9d5b30","sha256":"9203d232aec4bb46416de593ad93123d92a014b01a9f0dfaa554a66afe540dfe","sha512":"bfc37d130302813155ce58d84eacd6210fcb999a10677071b1b02f2fd1f1e6ae6e0051ee9e93348182903ab15dc8d85ff3ad8ed0b32ceed941b432ea420e4052","ssdeep":"","tlshash":"2ca00273f0c28c7e4032b144227a3508b943011e82909020764d08709f3708ba5044c4","size":72,"data":"","first_seen":"2023-03-08T15:13:03Z","last_seen":"2026-04-19T04:04:45.466103Z","times_seen":643,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e9e391ad98fbe1b2de0b7b4fa9ca904","sha1":"21d7771223e8286a06ad878af425094a40de32b5","sha256":"1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69","sha512":"defa1ba5ce4193014a4657fe394734634087d66c9db8024778ea2c3a59be02e38e0077725c7d000ff7046bea23070594f8942446c6068b4032d329d0716532b0","ssdeep":"","tlshash":"7731650e547cd5f601109cd6e52a3e24a036246b6e1930acf248e2246f3e04ff0ffae9","size":1648,"data":"","first_seen":"2023-05-06T01:21:43Z","last_seen":"2026-04-19T09:53:23.447446Z","times_seen":67115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xurl.es/uhnu0","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-17T08:03:43.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xurl.es","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 09:19:47 GMT","end":"Sat, 23 May 2026 09:19:46 GMT"},"fingerprint":{"sha1":"C8:9E:A3:91:C9:24:ED:07:61:FB:19:FE:80:4A:BA:DE:B3:7B:ED:F5","sha256":"A2:12:22:5F:2C:03:24:66:85:A9:A5:AA:B7:D7:85:F6:C5:0C:E0:4E:F0:0F:CF:57:45:2E:25:DD:81:AA:D9:9A"}}},"request":{"raw":"GET /uhnu0 HTTP/1.1\r\nHost: xurl.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Fri, 17 Apr 2026 08:03:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://xurl.es\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nx-powered-by: PHP/7.4.33, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10309,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T10:23:19.677194Z","times_seen":13930759,"resource_available":true,"data":null}},"time_used":320,"timings":{"blocked":129,"dns":13,"connect":54,"send":0,"wait":62,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.3/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.3.3\r\nx-jsd-version-type: version\r\netag: W/\"38d63-xawd7pYctZoEUlbsID9p4xeHL3w\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Fri, 17 Apr 2026 08:03:44 GMT\r\nage: 1796909\r\nx-served-by: cache-fra-etou8220150-FRA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 33206\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232803,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"a549af2a81cd9900ee897d8bc9c4b5e9","sha1":"c5ac1dee961cb59a045256ec203f69e317872f7c","sha256":"3c8f27e6009ccfd710a905e6dcf12d0ee3c6f2ac7da05b0572d3e0d12e736fc8","sha512":"8e74ae0384acd8f9248a448e2ed62cf0195821e7882b587df6dcb861fbd13c0973af7efbbebdc25c36fbb1bede1040588c3b5c623f808c11f714bbf9b9226e5e","ssdeep":"1536:O9YnIWbn98fdRfvO5wlP77k9P3EV98IsYRElV6V6pz600I41r:RnIw98fbV986I6V6pz600I41r","tlshash":"dc3482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-04-19T09:23:34.501404Z","times_seen":19100,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":52,"dns":1,"connect":26,"send":0,"wait":27,"receive":10,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.3.3\r\nx-jsd-version-type: version\r\netag: W/\"13b51-3cbp6tbRaukjc5nOQejBYgzFnDY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Fri, 17 Apr 2026 08:03:44 GMT\r\nage: 1749448\r\nx-served-by: cache-fra-etou8220126-FRA, cache-hel1410031-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 24464\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80721,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"2e477967e482f32e65d4ea9b2fd8e106","sha1":"ddc6e9ead6d16ae9237399ce41e8c1620cc59c36","sha256":"0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c","sha512":"ecf8bfa2d7656db091f8b9d6f85ecfc057120c93ae5090773b1b441db838bd232fcef26375ee0fa35bf8051f4675cf5a5cd50d155518f922b9d70593f161741a","ssdeep":"1536:WmwIiEEO+TBR2t4J9RirWDKsVA5y7fy3YJtC/r/45wZbfbXZTb0WU078:HwORx3YCD45wZbDZTb0g8","tlshash":"ce73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-04-19T09:34:48.809429Z","times_seen":22733,"resource_available":true,"data":null}},"time_used":168,"timings":{"blocked":57,"dns":0,"connect":28,"send":0,"wait":27,"receive":20,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/js/funciones.js","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xurl.es","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 09:19:47 GMT","end":"Sat, 23 May 2026 09:19:46 GMT"},"fingerprint":{"sha1":"C8:9E:A3:91:C9:24:ED:07:61:FB:19:FE:80:4A:BA:DE:B3:7B:ED:F5","sha256":"A2:12:22:5F:2C:03:24:66:85:A9:A5:AA:B7:D7:85:F6:C5:0C:E0:4E:F0:0F:CF:57:45:2E:25:DD:81:AA:D9:9A"}}},"request":{"raw":"GET /js/funciones.js HTTP/1.1\r\nHost: xurl.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nCookie: PHPSESSID=an669hto741thmgavesct9rsp6\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 17 Apr 2026 08:03:43 GMT\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 19 Dec 2025 10:42:36 GMT\r\netag: W/\"69452c1c-102d\"\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nx-powered-by: PleskLin\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4141,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"1c6cc6d87b146b86f572f256ac76a432","sha1":"ba522d25bd364d30c4de1567dd1a9d7a2df60746","sha256":"15b0e5c1021b841b2c6dced075c4236bec5916643a83f9fe8678a133c5ebdfec","sha512":"95d519904358a51dadf46e7320b063b8e11e238b66987696274c1722c2529f07e72b1ef18b8a09f4c0b2e16eae4f798a085067bf2d2a75834801b5fb67236d33","ssdeep":"48:vIRoqqOcOWWVPAsX1ayuzqy+UiYAwF2jHwY8GrAdj7tyqGeuYqhElaObYx0soyuf:6oqqdsX1amwwSdjByf9EE6n","tlshash":"ff81dd946ef22232412331a94bbfd7193a39511f6681fd80be5d9bc01f51719e723f98","first_seen":"2025-12-24T02:01:04.721869Z","last_seen":"2026-04-19T02:07:02.758691Z","times_seen":63,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/quicksand/v37/6xKtdSZaM9iE8KbpRA_hK1QN.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:44.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/quicksand/v37/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xurl.es\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 28244\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 11 Apr 2026 09:37:50 GMT\r\nexpires: Sun, 11 Apr 2027 09:37:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 512754\r\nlast-modified: Wed, 27 Aug 2025 19:19:09 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28244,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28244, version 1.0","md5":"9d503278216c2225184a236c64e0924b","sha1":"0c24c621374506ce70403a7473b47acd86bbf919","sha256":"2add7d60b1cd2ab84c9967e23d5ec08eb3fc9635c46855b17d59404dec6b410e","sha512":"fa1aca723eb40b6026aa1d21b36ce2573e4164516c9a0b55ff830a434c3954833a06b1df76236b1d682107df1bd3d263ed19cba854c1a6795566a7091749696d","ssdeep":"768:/6zZ6KBVHUlHvwCa0z1sCvODsIBMTKmJ3GG5x4:yzdKvwtszvdNjz4","tlshash":"3cc2e083d14afb33d0afb77adc52d022e9756bccec7e587a97a900398895c1b0644285","first_seen":"2025-09-02T18:36:17.739185Z","last_seen":"2026-04-19T09:39:12.916879Z","times_seen":8173,"resource_available":false,"data":null}},"time_used":187,"timings":{"blocked":81,"dns":1,"connect":7,"send":0,"wait":12,"receive":8,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/favicon.ico","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:44.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xurl.es","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 09:19:47 GMT","end":"Sat, 23 May 2026 09:19:46 GMT"},"fingerprint":{"sha1":"C8:9E:A3:91:C9:24:ED:07:61:FB:19:FE:80:4A:BA:DE:B3:7B:ED:F5","sha256":"A2:12:22:5F:2C:03:24:66:85:A9:A5:AA:B7:D7:85:F6:C5:0C:E0:4E:F0:0F:CF:57:45:2E:25:DD:81:AA:D9:9A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xurl.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nCookie: PHPSESSID=an669hto741thmgavesct9rsp6\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 17 Apr 2026 08:03:44 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\ncontent-length: 894\r\nx-accel-version: 0.01\r\nlast-modified: Thu, 25 Feb 2021 22:25:52 GMT\r\netag: \"37e-5bc30a25d98d2\"\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nx-powered-by: PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":894,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel","md5":"a92c16df624836ec83788f6ea49cfa20","sha1":"416b608d137fc57cf95634772fb1fa64b5663ff9","sha256":"3fc58323e2be087681a39e512513c2ce1f7d9b012f2e88f03d7726c50b2cde53","sha512":"4ce6b2507654d0eacc1c17d72bfaa8d0705fa2c85d1ff21b99f9c1d175ac070abc0233da5feb09e01d1bb208df28a2d9134d8a992f9781ecd93cbda648167856","ssdeep":"","tlshash":"fb11ab1332c04b68c9268b74707819ee222f1fad5db0e50f3509b14b6f774c305604d1","first_seen":"2023-05-18T20:05:34Z","last_seen":"2026-04-19T02:07:02.759593Z","times_seen":74,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-17T08:03:43.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xurl.es","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 09:19:47 GMT","end":"Sat, 23 May 2026 09:19:46 GMT"},"fingerprint":{"sha1":"C8:9E:A3:91:C9:24:ED:07:61:FB:19:FE:80:4A:BA:DE:B3:7B:ED:F5","sha256":"A2:12:22:5F:2C:03:24:66:85:A9:A5:AA:B7:D7:85:F6:C5:0C:E0:4E:F0:0F:CF:57:45:2E:25:DD:81:AA:D9:9A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xurl.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 17 Apr 2026 08:03:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 3083\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=an669hto741thmgavesct9rsp6; path=/\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nx-powered-by: PHP/7.4.33, PleskLin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap:5.3.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Google AdSense","description":"Google AdSense is a program run by Google through which website publishers serve advertisements that are targeted to the site content and audience.","website":"https://www.google.com/adsense/start/","common_platform_enumeration":"","icon":"Google AdSense.svg","categories":["Advertising"]}],"data":{"size":10309,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"e8d9690f38b1839f1179a821517f22c6","sha1":"47241aae5ef5cd74c0388c6b6083f3dea388578c","sha256":"6c52fd7406e5e1df216fb60cd35580374dcd45b80b535a1c2142676110619baa","sha512":"406b8f415ee5b7b5c9046a426e977730e5f27b8b387f5e5599b93ac40e89653617d79a8bf41fb1a839e987add8619be8dce594c8a536f7663397c632a9236ec4","ssdeep":"192:E/Y6whsJh20TXS4AsG9CUs5aH0PBR0Cye455i:E/P1PTXj09CU6Z+C45i","tlshash":"722292632df894a311a2809566f4bb0afee2800bd64a9651b2fd03e45fc3cc7c85399c","first_seen":"2026-01-01T06:38:50.011702Z","last_seen":"2026-04-19T02:07:02.755088Z","times_seen":55,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Quicksand:wght@400;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Quicksand:wght@400;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 17 Apr 2026 08:03:44 GMT\r\ndate: Fri, 17 Apr 2026 08:03:44 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2502,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"0f4538d53c53db5f732f0ef3656ab49b","sha1":"3f382e928eea0cc4252ae8905afe3c3193df0e78","sha256":"e888a271facb4c4ca427e279de7dafd4923ae96327e174979bb11939c354489e","sha512":"06acb0110142293f6d13d9254a57e2515f985bf67c9d54ce9951eeac86261cefce7fcfb971a4453a4c48e224b0b21fa7c3e2adf232a3ef28a03e07270d4bbc7d","ssdeep":"","tlshash":"6551cfd1447f7510db831dc122ce7e32ae4ea1547061c9799ffd1c88ac9ac263395b2d","first_seen":"2025-09-11T22:21:59.307948Z","last_seen":"2026-04-19T02:07:02.761276Z","times_seen":79,"resource_available":false,"data":null}},"time_used":393,"timings":{"blocked":181,"dns":1,"connect":7,"send":0,"wait":20,"receive":0,"ssl":180},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-N1QPRZJFZ8","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:08 GMT","end":"Mon, 22 Jun 2026 08:35:07 GMT"},"fingerprint":{"sha1":"7B:71:3D:9A:FE:85:53:DF:44:BB:90:D6:C4:82:1E:58:A2:A4:4B:F0","sha256":"CA:E9:C5:B9:FA:2B:F0:20:19:FF:0A:2C:CB:22:9F:C6:8B:41:0E:09:94:8E:E6:48:22:CA:02:F6:BA:10:B7:A3"}}},"request":{"raw":"GET /gtag/js?id=G-N1QPRZJFZ8 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Fri, 17 Apr 2026 08:03:44 GMT\r\nexpires: Fri, 17 Apr 2026 08:03:44 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 176693\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":540849,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"3933443ba91569cbafd6b0898af69cc5","sha1":"8a846caa4192c8f19c5ccfa41ec8b3f854cecb93","sha256":"a9fe185ee0c1ac94caa2097b9d6bbae2e97c86e9825d160f381bc68a2b390bd3","sha512":"032ad2a19d93fa9d43ff0fa0069526197262e081da530ce9c17078f504595ae422a8186aa04fb0677259f24f8fab6ff3205b481ab5862c7c447ad76e2366ed03","ssdeep":"6144:3r4OjKg7CA4MRBZtffJPj8B3U90yIjwcHA6LUgWbe77pka1P9jX9:/7t4MPffJL8EkZ7pkyt","tlshash":"2eb40aceb3c674225396f478903f01cba97b29a2b49cc89ab189ccf02d7455a5177f78","first_seen":"2026-04-17T08:04:13.306297Z","last_seen":"2026-04-17T15:36:50.438101Z","times_seen":4,"resource_available":true,"data":null}},"time_used":416,"timings":{"blocked":170,"dns":0,"connect":7,"send":0,"wait":38,"receive":29,"ssl":169},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xurl.es/images/xurl.png","fqdn":"xurl.es","domain":"xurl.es","tld":"es"},"ip":{"addr":"217.154.180.96","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xurl.es","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 09:19:47 GMT","end":"Sat, 23 May 2026 09:19:46 GMT"},"fingerprint":{"sha1":"C8:9E:A3:91:C9:24:ED:07:61:FB:19:FE:80:4A:BA:DE:B3:7B:ED:F5","sha256":"A2:12:22:5F:2C:03:24:66:85:A9:A5:AA:B7:D7:85:F6:C5:0C:E0:4E:F0:0F:CF:57:45:2E:25:DD:81:AA:D9:9A"}}},"request":{"raw":"GET /images/xurl.png HTTP/1.1\r\nHost: xurl.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nCookie: PHPSESSID=an669hto741thmgavesct9rsp6\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 17 Apr 2026 08:03:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 5360\r\nlast-modified: Thu, 25 Feb 2021 22:25:57 GMT\r\netag: \"603823f5-14f0\"\r\nstrict-transport-security: max-age=15768000; includeSubDomains\r\nx-powered-by: PleskLin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 371 x 142, 8-bit colormap, non-interlaced","md5":"cf7d2bc79cec97dd5e956a7759215b48","sha1":"1691e90fdf25faf845cbc00f11492c8c8673ba2c","sha256":"aa5cce745f29df17c235f1341d0c9302da0c56d79bf056561a914129a89cbffc","sha512":"aa4282c370e5d0aa13955d731484965faae42ec593594e7810f578560a4541793ef87d3fd5d15b9160d9dc3176bf8cb4f294ff218a5f0e763a73a3855cc5307b","ssdeep":"96:llOUhB/9+JoNLPap0skmjsYgN8MuL93rnVjaGy/IF+sDjmc0fI:llOUht9UoNMlDs8MWrMGYi+sDChI","tlshash":"2fb19e1d335e8fe496e7f3566071a58cedc480846d6e8ade7f12a8d530b3481cc75164","first_seen":"2023-05-18T20:05:34Z","last_seen":"2026-04-19T02:07:02.756788Z","times_seen":74,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"xurl.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:43.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xurl.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 17 Apr 2026 08:03:44 GMT\r\nage: 1296195\r\nx-served-by: cache-lga21931-LGA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 268399\r\nx-timer: S1776413024.035003,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-19T10:13:27.327551Z","times_seen":451939,"resource_available":true,"data":null}},"time_used":188,"timings":{"blocked":72,"dns":1,"connect":30,"send":0,"wait":27,"receive":11,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/quicksand/v37/6xKtdSZaM9iE8KbpRA_hK1QN.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xurl.es/","date":"2026-04-17T08:03:44.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/quicksand/v37/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xurl.es\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 28244\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 11 Apr 2026 09:37:50 GMT\r\nexpires: Sun, 11 Apr 2027 09:37:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 512754\r\nlast-modified: Wed, 27 Aug 2025 19:19:09 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28244,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28244, version 1.0","md5":"9d503278216c2225184a236c64e0924b","sha1":"0c24c621374506ce70403a7473b47acd86bbf919","sha256":"2add7d60b1cd2ab84c9967e23d5ec08eb3fc9635c46855b17d59404dec6b410e","sha512":"fa1aca723eb40b6026aa1d21b36ce2573e4164516c9a0b55ff830a434c3954833a06b1df76236b1d682107df1bd3d263ed19cba854c1a6795566a7091749696d","ssdeep":"768:/6zZ6KBVHUlHvwCa0z1sCvODsIBMTKmJ3GG5x4:yzdKvwtszvdNjz4","tlshash":"3cc2e083d14afb33d0afb77adc52d022e9756bccec7e587a97a900398895c1b0644285","first_seen":"2025-09-02T18:36:17.739185Z","last_seen":"2026-04-19T09:39:12.916879Z","times_seen":8173,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":96,"dns":0,"connect":24,"send":0,"wait":8,"receive":3,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}