{"report_id":"d310d2d8-0ac2-46d1-91ad-fcc627065656","version":6,"status":"done","tags":[],"date":"2026-04-05T17:45:01Z","url":{"schema":"http","addr":"www.arcaservizisrl.it/?bs7trh","fqdn":"www.arcaservizisrl.it","domain":"arcaservizisrl.it","tld":"it"},"ip":{"addr":"89.46.109.11","port":0,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"final":{"url":{"schema":"https","addr":"giantadblocker.net/giant.php?bv=ekckSr14yZ\u0026cc=11693-27376-abe2fba0\u0026by=22861-9982-780-758124-35964-1775411082\u0026bx=ck\u0026cb=3\u0026ca=","fqdn":"giantadblocker.net","domain":"giantadblocker.net","tld":"net"},"title":"Giant Ad Blocker","dom":{"size":4381,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"448d79ac021b193faf61fa60d16fed3d","sha1":"8b1fcf07e72d8a46ba142b00380e943366c9a9f7","sha256":"7b5f7ae4b38c140ab38bd2b5ea2be7ad3caaf82cec302ec46600bf009594d45e","sha512":"d94e856c7af96945a700d1320dc5e41e78e23b832aabcde608ae3900fcff3fb5c1e697f801085560717af9017f21fd38a33b5709c807309198bc0cb88cdd8a80","ssdeep":"48:nxCSzyU1KE/4d4FxCr62DMa6LpdF6KzT92wLyBsCesyJpYagiu66MSRHR8:nsSzl7/LqJw7zT92WCTyJGFiZ6MKR8","tlshash":"8591320b55e320667953a0342beb675433a48503de0bed617edd5294cf88b956ae338c","dom_hash":"domhashe2a8e0108b2d1446b239b18bbb87a2ec","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.arcaservizisrl.it/?bs7trh","fqdn":"www.arcaservizisrl.it","domain":"arcaservizisrl.it","tld":"it"},"ip":{"addr":"89.46.109.11","port":0,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T17:45:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"eohap.isolatives.my.id","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"ldunadvexor.ldunadvexor.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"www.arcaservizisrl.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"spredirect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.arcaservizisrl.it","ip":{"addr":"89.46.109.11","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"domain_registered":"2013-03-26","domain_rank":0,"first_seen":"2026-03-02T14:23:06.414862Z","last_seen":"2026-04-05T11:48:39.113271Z","alert_count":2,"request_count":2,"received_data":11662,"sent_data":1011,"comment":"","tags":null,"fingerprints":[{"name":"Aruba.it","description":"Aruba.it is an Italian company mainly active in the web hosting and domain registration businesses.","website":"https://www.aruba.it","common_platform_enumeration":"","icon":"Aruba.it.svg","categories":["Hosting","PaaS"]}]},{"fqdn":"spredirect.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-07-21","domain_rank":0,"first_seen":"2026-03-20T14:33:22.477954Z","last_seen":"2026-04-04T04:38:22.927279Z","alert_count":1,"request_count":1,"received_data":1464,"sent_data":670,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ldunadvexor.ldunadvexor.shop","ip":{"addr":"216.104.36.158","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-03T10:34:20.092425Z","last_seen":"2026-04-03T10:34:20.092426Z","alert_count":2,"request_count":2,"received_data":21667,"sent_data":1733,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"telkucton.org","ip":{"addr":"84.16.252.20","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-09-02","domain_rank":0,"first_seen":"2025-10-10T02:50:43.332317Z","last_seen":"2026-04-03T10:34:20.920071Z","alert_count":0,"request_count":1,"received_data":773,"sent_data":594,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"giantadblocker.com","ip":{"addr":"172.67.210.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-12","domain_rank":0,"first_seen":"2025-08-26T11:46:30.11351Z","last_seen":"2026-04-04T16:53:11.27491Z","alert_count":0,"request_count":2,"received_data":18340,"sent_data":892,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"tr-marker.com","ip":{"addr":"209.38.217.124","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"domain_registered":"2022-11-04","domain_rank":0,"first_seen":"2022-11-04T18:07:56Z","last_seen":"2026-04-04T16:53:12.038051Z","alert_count":0,"request_count":3,"received_data":15241,"sent_data":1873,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"giantadblocker.net","ip":{"addr":"104.21.26.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-07","domain_rank":0,"first_seen":"2025-08-27T05:32:20.082556Z","last_seen":"2026-04-04T16:53:11.297085Z","alert_count":0,"request_count":1,"received_data":5228,"sent_data":591,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"besvot91rk.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-05","domain_rank":0,"first_seen":"2026-01-14T21:24:24.980046Z","last_seen":"2026-04-04T16:53:11.568653Z","alert_count":0,"request_count":1,"received_data":902,"sent_data":646,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"eohap.isolatives.my.id","ip":{"addr":"104.21.67.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-25","domain_rank":0,"first_seen":"2026-04-03T10:34:20.090886Z","last_seen":"2026-04-03T10:34:20.090886Z","alert_count":1,"request_count":1,"received_data":11829,"sent_data":510,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tr-marker.com/d?zid=22861\u0026uid=516\u0026pubid=11693-27376-abe2fba0\u0026psubid=1abghh94g0082","fqdn":"tr-marker.com","domain":"tr-marker.com","tld":"com"},"ip":{"addr":"209.38.217.124","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"237f09ade07e56bcfa312c1a6d196d20","sha1":"e32875ed362e90bb599da22ae87a9589a6cc3c4f","sha256":"729c4db52cd336aaa0d702b28b3ec45ed9c1716e66f49aae000d34d3fe454bcc","sha512":"6b38c2ea965b3c984c6ae560d78cb0427ccc6ff5c8278508980792a6cfaf311eb3223e496663398398aec098305e1bdde67fa958f2235e07b873de3af8bcbfe9","ssdeep":"192:UAy90GS330wuF+t6mH36WaDQOS9EQRpbSNcT/pU70toX4:HHc0OHo","tlshash":"eb420d560dab615601d7adec9bbf54083337c0db35c8aa743cae1b054fdfe64a260b94","size":12913,"data":"","first_seen":"2026-04-05T17:45:03.222749Z","last_seen":"2026-04-05T17:45:03.222749Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"giantadblocker.net/giant.php?bv=ekckSr14yZ\u0026cc=11693-27376-abe2fba0\u0026by=22861-9982-780-758124-35964-1775411082\u0026bx=ck\u0026cb=3\u0026ca=","fqdn":"giantadblocker.net","domain":"giantadblocker.net","tld":"net"},"ip":{"addr":"104.21.26.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ca84792bb0dc6083c96782a7824ad508","sha1":"aedb8348b8fc1117935cfecfc7511ebc7d46f261","sha256":"5fdda85bc78402db912d0735a5c516c8a4ea0aad6661001242f745e7c7df76b5","sha512":"ddad800048f7cf6fa302122e23fec999dd89e9761ac6eb1daf30495449ef984f1ccbde3045a9a8563646ed718c80726cadfa6414748a608b4f2db1c49b777953","ssdeep":"","tlshash":"90f0686905aa16b92677703a470f7a0036f704931018f8007e4cae424fe0f1664fa1c3","size":455,"data":"","first_seen":"2026-01-14T21:24:28.6279Z","last_seen":"2026-04-05T20:36:59.798674Z","times_seen":85,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.arcaservizisrl.it/?bs7trh","fqdn":"www.arcaservizisrl.it","domain":"arcaservizisrl.it","tld":"it"},"ip":{"addr":"89.46.109.11","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"introduction_type":"scriptElement","is_inline":true,"md5":"41e9b3017782f5b585e69d5511196465","sha1":"1f0fea45a9ff9e697c793dcfbc8ee0813c5aa15a","sha256":"87ad39a7c49b393f2beec8cb95d2a41fc90b2b460fd4c3399d6cfef199600244","sha512":"3063b5c5f4fe7ad6b6628e42be2f47f0335247561126c1c4e28506aaa3da0b4d7e7220302842f7e4ee9d221ed1d5f7817b50acc8eab3dfeee650c5fa65e14efb","ssdeep":"","tlshash":"55b01240970c9c4042f105596d7144a6ad14c1ff366678457c0fb4f061404ca49b3431","size":125,"data":"","first_seen":"2026-01-15T12:54:37.353924Z","last_seen":"2026-04-05T20:36:59.795797Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ldunadvexor.ldunadvexor.shop/?utm_term=7625332525572816998\u0026utm_content=fdc2c69a9caf9cad93919891a69694978ebb8db98f8d848db282808382b784b5bb8bbab9bfb7bdbdb2b2b0b1b6b7b4b59aaa9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddede2d1d4e1d4d3e4d1c2fbf8c8ccc7ccfdc3c3c2c5f6c5c4c0a8affaf1a8cffefdf1f3f0f1f6f7f6f4ebebe8e9eedfdcedd2e4e6e5e2e0e1e61e12101d161b1515172316151f1f161c0b080c0006080f0f0733025703035500693908687d76626e0256544206626a284f48347c701f2e292a722027163a77210c095d500c6f5d5f5a536050565550cd","fqdn":"ldunadvexor.ldunadvexor.shop","domain":"ldunadvexor.shop","tld":"shop"},"ip":{"addr":"216.104.36.158","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c9ca5d852d757c1b016c6cca540bbd14","sha1":"3213b4d88d5bdae84ce92b50d4519253c8e8831e","sha256":"eb1676d8278ec016d61775679565dd0829311f997746b9c0b33a22dce7ae61ee","sha512":"1e60cc36bc8f7857ecf815631acb99599196ce0901867c668664a7cae1ba95998f7900ec06f41cdf8a2090c26a4262109554d609fcc3d0ee6b06a1aadee97a3a","ssdeep":"","tlshash":"5201c048336b6de13af92493579d6238046b868f2d12075dbbe225e449eb19d4286c18","size":841,"data":"","first_seen":"2026-04-05T17:45:03.226718Z","last_seen":"2026-04-05T17:45:03.226718Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"eohap.isolatives.my.id/help/?1821584355485","fqdn":"eohap.isolatives.my.id","domain":"isolatives.my.id","tld":"my.id"},"ip":{"addr":"104.21.67.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:39.538Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"isolatives.my.id","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 09:11:07 GMT","end":"Sun, 17 May 2026 10:08:44 GMT"},"fingerprint":{"sha1":"C4:04:5A:35:79:A3:08:E7:C7:5E:BB:11:D1:74:8B:AF:3F:26:3B:A0","sha256":"D8:32:FA:44:59:C1:89:03:17:28:1F:27:17:DE:BD:C1:BD:D2:46:58:44:96:4F:9B:41:CF:E1:C1:55:37:0D:E5"}}},"request":{"raw":"GET /help/?1821584355485 HTTP/1.1\r\nHost: eohap.isolatives.my.id\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 05 Apr 2026 17:44:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://ldunadvexor.ldunadvexor.shop/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a\u0026utm_campaign=HotejMain\u00261=346\u0026cid=346-0-2026040520443327db8d1593\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PHP/7.0.33\r\nexpires: Thu, 21 Jul 1977 07:30:00 GMT\r\nlast-modified: Sun, 05 Apr 2026 17:44:40 GMT\r\ncache-control: max-age=0\r\npragma: no-cache\r\nset-cookie: 00831=%7B%22streams%22%3A%5B1775411073%5D%2C%22campaigns%22%3A%7B%22346%22%3A1775411073%7D%2C%22time%22%3A1775411073%7D; expires=Wed, 06-May-2026 17:44:40 GMT; Max-Age=2678400; path=/\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SrNMw7dFPfWYgbPb61LhIIJdcMS%2FAL6GobaLQ4aTX1rXn8LlG1j2ek5y1Oztm0iF6HbWi2AV2oVqKbAeUetAOMMpXJ%2FZoUe2BfI%2F0OVaelpcBGdXKO%2FIM0BYODobrZMXdGcChHNLhdOO\"}]}\r\ncf-ray: 9e7a5caf7f14c759-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":10757,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T20:11:35.189242Z","times_seen":13391169,"resource_available":true,"data":null}},"time_used":872,"timings":{"blocked":59,"dns":35,"connect":1,"send":0,"wait":753,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"eohap.isolatives.my.id","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ldunadvexor.ldunadvexor.shop/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a\u0026utm_campaign=HotejMain\u00261=346\u0026cid=346-0-2026040520443327db8d1593","fqdn":"ldunadvexor.ldunadvexor.shop","domain":"ldunadvexor.shop","tld":"shop"},"ip":{"addr":"216.104.36.158","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:40.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ldunadvexor.ldunadvexor.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Mar 2026 11:18:26 GMT","end":"Sun, 28 Jun 2026 11:18:25 GMT"},"fingerprint":{"sha1":"26:39:38:6B:8B:C6:D0:36:C8:DC:71:68:7E:7D:38:C0:BB:0B:A8:CD","sha256":"98:40:6B:3F:E4:BD:3F:08:7A:FB:39:AF:3D:63:55:D1:B4:C5:D9:83:8A:FC:2A:47:29:EA:94:C0:87:B9:FB:12"}}},"request":{"raw":"GET /?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a\u0026utm_campaign=HotejMain\u00261=346\u0026cid=346-0-2026040520443327db8d1593 HTTP/1.1\r\nHost: ldunadvexor.ldunadvexor.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 17:44:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Form-Factors, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10757,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"data","md5":"8c54883c1ff4341f7a0c39106d242480","sha1":"7899b053f47c05a3d45a19208daeae3c4594dced","sha256":"2dd397e8b7e64c65a9a46ea6767fc578eacf1c8343f0bd0285a7a215b1d6e752","sha512":"c025fdd64f273854d75419e0d0c15a0d4ab516379e5abc7ce1ca3e5f18ee57c11fa394bbd608928d555049f018a2db87e5b9d0fedb58512e95a094b7b7c2aedd","ssdeep":"192:Y+2mri10UPl1b72ed6BWANl2BPZSunNAmJv37e22zncac7XMA:5iiol1bzLANlK2Qv3R2TH4r","tlshash":"ec22f9d4f7c8b435439369629d7f468ba035ef81084e8441c286d88a7cf1ec6a17ffa9","first_seen":"2026-04-05T17:45:03.203396Z","last_seen":"2026-04-05T17:45:03.203396Z","times_seen":1,"resource_available":true,"data":null}},"time_used":603,"timings":{"blocked":248,"dns":17,"connect":108,"send":0,"wait":109,"receive":0,"ssl":117},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"ldunadvexor.ldunadvexor.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"telkucton.org/cpa/11693/1790?subid1=d799v2n97ugs73cccgbg\u0026subid2=27376-abe2fba0","fqdn":"telkucton.org","domain":"telkucton.org","tld":"org"},"ip":{"addr":"84.16.252.20","port":443,"asn":28753,"as":"Leaseweb Deutschland GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:42.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telkucton.org","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 15:56:26 GMT","end":"Mon, 01 Jun 2026 15:56:25 GMT"},"fingerprint":{"sha1":"BD:1E:31:53:2E:04:60:DB:4E:17:CE:A5:9E:EF:B6:7D:B0:1D:05:6E","sha256":"45:22:2F:32:46:96:80:EB:3A:FE:08:6E:FC:3F:9C:44:9F:2F:2E:0C:F5:E6:2D:43:C1:FC:E7:A1:FA:78:71:D6"}}},"request":{"raw":"GET /cpa/11693/1790?subid1=d799v2n97ugs73cccgbg\u0026subid2=27376-abe2fba0 HTTP/1.1\r\nHost: telkucton.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ldunadvexor.ldunadvexor.shop/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 17:44:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 314\r\nConnection: close\r\nContent-Encoding: identity\r\nExpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nLast-Modified: Sun, 05 Apr 2026 17:44:42 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\nPragma: no-cache\r\nSet-Cookie: mobitck=1; expires=Sun, 05-Apr-2026 23:59:59 GMT; Max-Age=22517; path=/; HttpOnly\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":314,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"e8b3960bb9851360ee1653243b72cd31","sha1":"385a6e7d9dc4d8af697d49a68f38fe5bd4a46826","sha256":"692512d203b622812d00ee4a42d2f8d474ed4a32a570bfc5c4e1624bf8b70397","sha512":"06f0378ffcde999c9c2935c0a6d2da5fe59a75d76e446e68a7adeb6ee0660fbf3325e9a21b955cc0242fc05fc7de1821be61415263fd9d4b320737410910fe90","ssdeep":"","tlshash":"6de0c2e314054506437146707df5f34da502ae08f42ac960f5a090eb5cf8f0ed4a33f8","first_seen":"2026-04-05T17:45:03.207005Z","last_seen":"2026-04-05T17:45:03.207005Z","times_seen":1,"resource_available":true,"data":null}},"time_used":205,"timings":{"blocked":82,"dns":20,"connect":26,"send":0,"wait":40,"receive":1,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"giantadblocker.com/images/icon.png","fqdn":"giantadblocker.com","domain":"giantadblocker.com","tld":"com"},"ip":{"addr":"172.67.210.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://giantadblocker.net/giant.php?bv=ekckSr14yZ\u0026cc=11693-27376-abe2fba0\u0026by=22861-9982-780-758124-35964-1775411082\u0026bx=ck\u0026cb=3\u0026ca=","date":"2026-04-05T17:44:43.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"giantadblocker.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Mar 2026 07:29:52 GMT","end":"Tue, 02 Jun 2026 08:28:18 GMT"},"fingerprint":{"sha1":"41:25:B2:CD:5A:C3:61:86:7E:BA:5B:97:B3:7E:2C:69:F0:FF:85:CD","sha256":"DC:69:2C:82:42:71:C9:23:8E:C3:1D:AF:61:66:5A:DB:20:2F:59:79:2B:F6:D9:92:E5:60:AD:2F:22:5A:EF:14"}}},"request":{"raw":"GET /images/icon.png HTTP/1.1\r\nHost: giantadblocker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://giantadblocker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 17:44:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 8521\r\nserver: cloudflare\r\nlast-modified: Wed, 30 Jul 2025 13:53:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"688a23dd-2149\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=28EeM%2BXL%2FERkHX56fFHhW3NE0nYvLBei7sUdCi0qy%2F%2FO%2FuFMwreg%2BQPXwpMZB3GUgvsL6oToQaSiPFOkq0%2FA1T%2BQjuPocOcBbBZA1kKipHZfhsdJUm07kPu6NmHiaN96GKpav5I%3D\"}]}\r\ncf-ray: 9e7a5cc8580b5689-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8521,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"791a16c3d6fb4b9a2a571ae0c62dc445","sha1":"17b67f4e0c61d18a1b08e338d4ca9a0516efeacf","sha256":"c7588427113133877dc0188e7751862933a9d0c312907d8859056d1f3115edde","sha512":"4665f1a2350c0c8b5a01e1bf4e4725e2245f4e5cd77a1eac3c8294d3fb934971abecd6284ceaae3a66c45db780de8340cf295d5ecacf999d7cdac548300421b1","ssdeep":"192:WS94+0GOnDr3M3rTWOTKpHVKvM1Ba7cSlxUSI7xsGAMuq:5+G6rM32hBkvM1BMFlxLI7zpT","tlshash":"1702af0efc44c63f12d356a2fbf2a411cd751419684ef206443a80a8a7c79e91d6aec4","first_seen":"2025-10-07T21:06:33.239109Z","last_seen":"2026-04-05T20:36:59.792931Z","times_seen":105,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":66,"dns":42,"connect":1,"send":0,"wait":66,"receive":1,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.arcaservizisrl.it/?bs7trh","fqdn":"www.arcaservizisrl.it","domain":"arcaservizisrl.it","tld":"it"},"ip":{"addr":"89.46.109.11","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:39.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.arcaservizisrl.it","organization":""},"issuer":{"commonName":"Actalis Domain Validation Server CA G3","organization":"Actalis S.p.A."},"validity":{"start":"Sun, 30 Nov 2025 04:24:40 GMT","end":"Thu, 31 Dec 2026 04:24:39 GMT"},"fingerprint":{"sha1":"5A:CF:A5:AF:F4:52:72:1C:F3:39:1F:FA:9C:1F:91:F8:49:2B:6D:22","sha256":"A8:EA:46:EA:D9:61:6C:9D:AF:F9:83:3C:FC:65:62:14:5A:8F:E9:B1:87:83:56:E3:36:D1:FE:36:CC:D8:D8:80"}}},"request":{"raw":"GET /?bs7trh HTTP/1.1\r\nHost: www.arcaservizisrl.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: aruba-proxy\r\ndate: Sun, 05 Apr 2026 17:44:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nx-servername: webx.aruba.it\r\nx-aruba-cache: BYPASS\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Aruba.it","description":"Aruba.it is an Italian company mainly active in the web hosting and domain registration businesses.","website":"https://www.aruba.it","common_platform_enumeration":"","icon":"Aruba.it.svg","categories":["Hosting","PaaS"]}],"data":{"size":340,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"731341be6339c78b19f4990e3d7b1cdf","sha1":"ab647100558d1e1a38a149dd84960498e2ec32c9","sha256":"0c2d7d8cb8196c3a19ae47b5a2f05750c0c8022b48260341dd0651df6641f16d","sha512":"f9a5a8d9f604274dd142dd29668c00d06ae7fb22c721406d163e646c890f541cb414c4792e6cff2db6c2f38c62b21f7b703051b42f24c2969bd0cbd70a49b679","ssdeep":"","tlshash":"4be0a75a3f4c6c4c418055970cf0e05c586fcdf733a1a40570f674b338412594e52170","first_seen":"2026-01-15T12:54:37.332755Z","last_seen":"2026-04-05T20:36:59.787854Z","times_seen":82,"resource_available":true,"data":null}},"time_used":515,"timings":{"blocked":235,"dns":49,"connect":35,"send":0,"wait":44,"receive":0,"ssl":148},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"www.arcaservizisrl.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tr-marker.com/d?zid=22861\u0026uid=516\u0026pubid=11693-27376-abe2fba0\u0026psubid=1abghh94g0082","fqdn":"tr-marker.com","domain":"tr-marker.com","tld":"com"},"ip":{"addr":"209.38.217.124","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:42.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tr-marker.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 03:48:18 GMT","end":"Sat, 27 Jun 2026 03:48:17 GMT"},"fingerprint":{"sha1":"C1:04:9F:82:B7:EF:CC:B2:C9:1B:FA:74:8F:EC:75:00:EF:FC:6A:64","sha256":"98:37:9A:50:1F:05:D0:09:65:BE:95:2A:90:33:41:C0:A2:97:7D:4D:F6:38:07:D3:A6:60:BE:95:A5:AB:F2:EB"}}},"request":{"raw":"GET /d?zid=22861\u0026uid=516\u0026pubid=11693-27376-abe2fba0\u0026psubid=1abghh94g0082 HTTP/1.1\r\nHost: tr-marker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 05 Apr 2026 17:44:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13876,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"07c0eee200bd576bd56731163d4da787","sha1":"154db44c9ac31859f168c9164e50d8cf2a045687","sha256":"2606386fb5bd25d7db2997b6e37727481fba4234ac038c5595a80f7869047a47","sha512":"b2819b0665ee6c6a63f4a29557c8ac421d09c46a1fe4a4af270c5962d1750f10fbdab8ff3f07c5885408f8fe5c7588d5e5c5e9c536af14093edb0a7959515811","ssdeep":"192:k31/i91/t1kAy90GS330wuF+t6mH36WaDQOS9EQRpbSNcT/pU70toXR:DHc0OHh","tlshash":"ef523f160cab514601e369ecabffa5083337d09734ccaa743cad17058fdfe65a221ba4","first_seen":"2026-04-05T17:45:03.213014Z","last_seen":"2026-04-05T17:45:03.213014Z","times_seen":1,"resource_available":true,"data":null}},"time_used":247,"timings":{"blocked":105,"dns":32,"connect":33,"send":0,"wait":35,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"giantadblocker.net/giant.php?bv=ekckSr14yZ\u0026cc=11693-27376-abe2fba0\u0026by=22861-9982-780-758124-35964-1775411082\u0026bx=ck\u0026cb=3\u0026ca=","fqdn":"giantadblocker.net","domain":"giantadblocker.net","tld":"net"},"ip":{"addr":"104.21.26.165","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:43.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"giantadblocker.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 01 Apr 2026 04:01:49 GMT","end":"Tue, 30 Jun 2026 05:00:22 GMT"},"fingerprint":{"sha1":"48:AD:48:E7:2C:CF:13:35:16:20:BC:85:2F:F6:63:B8:7B:09:B0:A6","sha256":"5C:CA:FF:26:A9:AA:DA:C7:21:4F:16:DD:38:95:62:DC:4C:9E:41:29:DF:BD:03:18:F2:60:AC:8E:26:CC:19:71"}}},"request":{"raw":"GET /giant.php?bv=ekckSr14yZ\u0026cc=11693-27376-abe2fba0\u0026by=22861-9982-780-758124-35964-1775411082\u0026bx=ck\u0026cb=3\u0026ca= HTTP/1.1\r\nHost: giantadblocker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 17:44:43 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nset-cookie: _asd=17754110837565112; expires=Mon, 05-Apr-2027 17:44:43 GMT; Max-Age=31536000; path=/; samesite=none; domain=giantadblocker.net; secure\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y%2Brs8zgYcGp13csTkGs4bc8DuZpkK1qTJPJV0AvqQmpHKchSHfxFmYYQDhrNuK%2B1ozYJhLxNkUYnk75dKAJb5Bm8umyBTI9K%2BLEQLQ4u7qpdm%2F%2BZEKxBje0DjP4PDRbqvAhWftU%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e7a5cc5bf4fb517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4405,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"5f5f5d8f90508584b7257071c2141d9f","sha1":"eaecaae91fa06a81e2355f93b344a24936989d4a","sha256":"b03960cb8530ba428173f3944c8260dca578f517c1c21ceab9a29d3bdd64dcb4","sha512":"5b1c21cb4dbbd341544311c849afaf2b6066cb8abab1d402a8cfc4e505f21b466f7e2304d32715a4e2b8621f619522a815dc4f3ec5aaec13a159d8fd29f6b446","ssdeep":"48:7CSzyU1KE/4d4FxCr62DMa6LpdF6KzT92wLyBsCesyJpYagiu66MSR+R8:mSzl7/LqJw7zT92WCTyJGFiZ6MHR8","tlshash":"3c91420b55e320667953a0342beb675833a58503de0bed603ece5284cf88b956ae33cc","first_seen":"2026-02-15T08:38:03.830764Z","last_seen":"2026-04-05T20:36:59.791424Z","times_seen":31,"resource_available":true,"data":null}},"time_used":386,"timings":{"blocked":53,"dns":30,"connect":1,"send":0,"wait":279,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"giantadblocker.com/images/icon.png","fqdn":"giantadblocker.com","domain":"giantadblocker.com","tld":"com"},"ip":{"addr":"172.67.210.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://giantadblocker.net/giant.php?bv=ekckSr14yZ\u0026cc=11693-27376-abe2fba0\u0026by=22861-9982-780-758124-35964-1775411082\u0026bx=ck\u0026cb=3\u0026ca=","date":"2026-04-05T17:44:43.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"giantadblocker.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Mar 2026 07:29:52 GMT","end":"Tue, 02 Jun 2026 08:28:18 GMT"},"fingerprint":{"sha1":"41:25:B2:CD:5A:C3:61:86:7E:BA:5B:97:B3:7E:2C:69:F0:FF:85:CD","sha256":"DC:69:2C:82:42:71:C9:23:8E:C3:1D:AF:61:66:5A:DB:20:2F:59:79:2B:F6:D9:92:E5:60:AD:2F:22:5A:EF:14"}}},"request":{"raw":"GET /images/icon.png HTTP/1.1\r\nHost: giantadblocker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://giantadblocker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 17:44:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 8521\r\nserver: cloudflare\r\nlast-modified: Wed, 30 Jul 2025 13:53:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"688a23dd-2149\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LkU0YLPk3gd884Bj%2Bnr1VEZDAZusfoK9WaPw55Qil9MaAXZ2hnGx0fHdvXxIW%2Fa9wGEJgDTpmGzulWPAjnnYnbi6Fhiqfkfc3ktZqLP9vvU5HEkBYr0ZbesNjJ29uMl04AWJBHA%3D\"}]}\r\ncf-ray: 9e7a5cc8b86d5689-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8521,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"791a16c3d6fb4b9a2a571ae0c62dc445","sha1":"17b67f4e0c61d18a1b08e338d4ca9a0516efeacf","sha256":"c7588427113133877dc0188e7751862933a9d0c312907d8859056d1f3115edde","sha512":"4665f1a2350c0c8b5a01e1bf4e4725e2245f4e5cd77a1eac3c8294d3fb934971abecd6284ceaae3a66c45db780de8340cf295d5ecacf999d7cdac548300421b1","ssdeep":"192:WS94+0GOnDr3M3rTWOTKpHVKvM1Ba7cSlxUSI7xsGAMuq:5+G6rM32hBkvM1BMFlxLI7zpT","tlshash":"1702af0efc44c63f12d356a2fbf2a411cd751419684ef206443a80a8a7c79e91d6aec4","first_seen":"2025-10-07T21:06:33.239109Z","last_seen":"2026-04-05T20:36:59.792931Z","times_seen":105,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":64,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tr-marker.com/favicon.ico","fqdn":"tr-marker.com","domain":"tr-marker.com","tld":"com"},"ip":{"addr":"209.38.217.124","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tr-marker.com/d?zid=22861\u0026uid=516\u0026pubid=11693-27376-abe2fba0\u0026psubid=1abghh94g0082","date":"2026-04-05T17:44:42.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tr-marker.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 03:48:18 GMT","end":"Sat, 27 Jun 2026 03:48:17 GMT"},"fingerprint":{"sha1":"C1:04:9F:82:B7:EF:CC:B2:C9:1B:FA:74:8F:EC:75:00:EF:FC:6A:64","sha256":"98:37:9A:50:1F:05:D0:09:65:BE:95:2A:90:33:41:C0:A2:97:7D:4D:F6:38:07:D3:A6:60:BE:95:A5:AB:F2:EB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tr-marker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 05 Apr 2026 17:44:42 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-05T19:42:53.412166Z","times_seen":19851,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tr-marker.com/r?zid=22861\u0026uid=516\u0026c_from=\u0026pubid=11693-27376-abe2fba0\u0026psubid=1abghh94g0082\u0026s1=\u0026s2=\u0026s3=\u0026s4=\u0026s5=\u0026c_inif=n\u0026c_key=48%7C0%7C24%7C24%7C1%7C0%7C1280%7C1024%7C17%7C44%7C0%7C0%7CUTC%7Cen-US%7CWin32%7CMesa%7Cllvmpipe%7C11%7C16%7C4096%7C32%7C32%7C1%7C1%7C1%7C256%7C4096%7C32%7C16384%7C16384%7C16384%7C192%7C1%7C16%7C16384%7C128%7C128%7C16384%7C15%7C128%7C31%7C8%7C8%7C4%7C2048%7C2048%7C16%7C90%7C65536%7C90%7C262144%7C262144%7C64%7C4%7C64\u0026c_r=location","fqdn":"tr-marker.com","domain":"tr-marker.com","tld":"com"},"ip":{"addr":"209.38.217.124","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:42.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tr-marker.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 03:48:18 GMT","end":"Sat, 27 Jun 2026 03:48:17 GMT"},"fingerprint":{"sha1":"C1:04:9F:82:B7:EF:CC:B2:C9:1B:FA:74:8F:EC:75:00:EF:FC:6A:64","sha256":"98:37:9A:50:1F:05:D0:09:65:BE:95:2A:90:33:41:C0:A2:97:7D:4D:F6:38:07:D3:A6:60:BE:95:A5:AB:F2:EB"}}},"request":{"raw":"GET /r?zid=22861\u0026uid=516\u0026c_from=\u0026pubid=11693-27376-abe2fba0\u0026psubid=1abghh94g0082\u0026s1=\u0026s2=\u0026s3=\u0026s4=\u0026s5=\u0026c_inif=n\u0026c_key=48%7C0%7C24%7C24%7C1%7C0%7C1280%7C1024%7C17%7C44%7C0%7C0%7CUTC%7Cen-US%7CWin32%7CMesa%7Cllvmpipe%7C11%7C16%7C4096%7C32%7C32%7C1%7C1%7C1%7C256%7C4096%7C32%7C16384%7C16384%7C16384%7C192%7C1%7C16%7C16384%7C128%7C128%7C16384%7C15%7C128%7C31%7C8%7C8%7C4%7C2048%7C2048%7C16%7C90%7C65536%7C90%7C262144%7C262144%7C64%7C4%7C64\u0026c_r=location HTTP/1.1\r\nHost: tr-marker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sun, 05 Apr 2026 17:44:42 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 229\r\nConnection: keep-alive\r\nLocation: https://besvot91rk.com//?campaign=ekckSr14yZ\u0026version=3\u0026zone=11693-27376-abe2fba0\u0026click=22861-9982-780-758124-35964-1775411082\u0026network=ck\u0026c_click_id=22861-9982-780-758124-35964-1775411082\r\nSet-Cookie: chrot=9982; Expires=Mon, 06 Apr 2026 00:00:00 GMT\nchfrq=eyI5OTgyIjp7ImlkIjo5OTgyLCJyZW1haW5kZXIiOjk5OX19; Expires=Mon, 06 Apr 2026 00:00:00 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":306,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T20:11:35.189242Z","times_seen":13391169,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.arcaservizisrl.it/?bs7trh","fqdn":"www.arcaservizisrl.it","domain":"arcaservizisrl.it","tld":"it"},"ip":{"addr":"89.46.109.11","port":443,"asn":31034,"as":"Aruba S.p.A.","country":"Italy","country_code":"IT"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:39.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.arcaservizisrl.it","organization":""},"issuer":{"commonName":"Actalis Domain Validation Server CA G3","organization":"Actalis S.p.A."},"validity":{"start":"Sun, 30 Nov 2025 04:24:40 GMT","end":"Thu, 31 Dec 2026 04:24:39 GMT"},"fingerprint":{"sha1":"5A:CF:A5:AF:F4:52:72:1C:F3:39:1F:FA:9C:1F:91:F8:49:2B:6D:22","sha256":"A8:EA:46:EA:D9:61:6C:9D:AF:F9:83:3C:FC:65:62:14:5A:8F:E9:B1:87:83:56:E3:36:D1:FE:36:CC:D8:D8:80"}}},"request":{"raw":"GET /?bs7trh HTTP/1.1\r\nHost: www.arcaservizisrl.it\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: check=1\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: aruba-proxy\r\ndate: Sun, 05 Apr 2026 17:44:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 0\r\nlocation: https://eohap.isolatives.my.id/help/?1821584355485\r\nx-servername: webx.aruba.it\r\nx-aruba-cache: BYPASS\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Aruba.it","description":"Aruba.it is an Italian company mainly active in the web hosting and domain registration businesses.","website":"https://www.aruba.it","common_platform_enumeration":"","icon":"Aruba.it.svg","categories":["Hosting","PaaS"]}],"data":{"size":10757,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T20:11:35.189242Z","times_seen":13391169,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"www.arcaservizisrl.it","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ldunadvexor.ldunadvexor.shop/?utm_term=7625332525572816998\u0026utm_content=fdc2c69a9caf9cad93919891a69694978ebb8db98f8d848db282808382b784b5bb8bbab9bfb7bdbdb2b2b0b1b6b7b4b59aaa9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddede2d1d4e1d4d3e4d1c2fbf8c8ccc7ccfdc3c3c2c5f6c5c4c0a8affaf1a8cffefdf1f3f0f1f6f7f6f4ebebe8e9eedfdcedd2e4e6e5e2e0e1e61e12101d161b1515172316151f1f161c0b080c0006080f0f0733025703035500693908687d76626e0256544206626a284f48347c701f2e292a722027163a77210c095d500c6f5d5f5a536050565550cd","fqdn":"ldunadvexor.ldunadvexor.shop","domain":"ldunadvexor.shop","tld":"shop"},"ip":{"addr":"216.104.36.158","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:41.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ldunadvexor.ldunadvexor.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 30 Mar 2026 11:18:26 GMT","end":"Sun, 28 Jun 2026 11:18:25 GMT"},"fingerprint":{"sha1":"26:39:38:6B:8B:C6:D0:36:C8:DC:71:68:7E:7D:38:C0:BB:0B:A8:CD","sha256":"98:40:6B:3F:E4:BD:3F:08:7A:FB:39:AF:3D:63:55:D1:B4:C5:D9:83:8A:FC:2A:47:29:EA:94:C0:87:B9:FB:12"}}},"request":{"raw":"GET /?utm_term=7625332525572816998\u0026utm_content=fdc2c69a9caf9cad93919891a69694978ebb8db98f8d848db282808382b784b5bb8bbab9bfb7bdbdb2b2b0b1b6b7b4b59aaa9899f2fef2f9e1f0f1e1f3bae4e78386899b97efddede2d1d4e1d4d3e4d1c2fbf8c8ccc7ccfdc3c3c2c5f6c5c4c0a8affaf1a8cffefdf1f3f0f1f6f7f6f4ebebe8e9eedfdcedd2e4e6e5e2e0e1e61e12101d161b1515172316151f1f161c0b080c0006080f0f0733025703035500693908687d76626e0256544206626a284f48347c701f2e292a722027163a77210c095d500c6f5d5f5a536050565550cd HTTP/1.1\r\nHost: ldunadvexor.ldunadvexor.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ldunadvexor.ldunadvexor.shop/?utm_medium=9eb2bcdc89976429bc64127056a4a9d5d3a2b57a\u0026utm_campaign=HotejMain\u00261=346\u0026cid=346-0-2026040520443327db8d1593\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 17:44:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: accept-encoding\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Form-Factors, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\ncontent-encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9638,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (5224)","md5":"23cfcf01d2795819e0cd3e1d893cbb0c","sha1":"0a61e0140a3f4bf219f241a67140ba416da3a252","sha256":"64ef5f988a68ef673a53ef9804ed21c8e69abb01a741b3ec52091606ce92d89b","sha512":"8ef23ed178eb26f43f00c6bc0d8d8e2ab45f920ac685a745da890bcfe1ad7da6f1718edf158713489d24ad276d7857297408724e6bee018183edce88e506092c","ssdeep":"192:A1bRasCbI8sd1FuyA97ybw+xXN3T278yS89b73Y2a:2bRaXbI8sdHpxXNj24ySQkn","tlshash":"7d12b57bb44220a296678c4793de0a68053ad7136e230acef3917155c6d6fee834a74f","first_seen":"2026-04-05T17:45:03.218159Z","last_seen":"2026-04-05T17:45:03.218159Z","times_seen":1,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"ldunadvexor.ldunadvexor.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"spredirect.com/click?key=1c773f672c4340f793fa5b1d1223d2a1\u0026sid=M7625332525572816998\u0026cost=0\u0026pid=27376-abe2fba0\u0026pub=27376\u0026campaign_id=7f1430\u0026app_name=unknown","fqdn":"spredirect.com","domain":"spredirect.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:41.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"spredirect.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Mar 2026 09:49:27 GMT","end":"Tue, 02 Jun 2026 10:48:03 GMT"},"fingerprint":{"sha1":"F3:57:03:6E:FF:11:3B:46:13:D1:96:35:73:6E:BA:62:19:66:6D:50","sha256":"61:32:AB:47:44:E3:81:CA:FC:E6:4E:E6:BC:00:9C:2F:E8:9E:63:B6:46:5A:D5:9A:1E:E1:0E:56:4F:A0:85:23"}}},"request":{"raw":"GET /click?key=1c773f672c4340f793fa5b1d1223d2a1\u0026sid=M7625332525572816998\u0026cost=0\u0026pid=27376-abe2fba0\u0026pub=27376\u0026campaign_id=7f1430\u0026app_name=unknown HTTP/1.1\r\nHost: spredirect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ldunadvexor.ldunadvexor.shop/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ndate: Sun, 05 Apr 2026 17:44:42 GMT\r\ncontent-length: 0\r\nlocation: https://telkucton.org/cpa/11693/1790?subid1=d799v2n97ugs73cccgbg\u0026subid2=27376-abe2fba0\r\nset-cookie: bc14378=sploc0|7a9b68b66e02a8796742a03758583469::72853:0; Expires=Mon, 05 Apr 2027 17:44:42 GMT; Max-Age=31536000; SameSite=Lax\nrc14378=sploc0|7a9b68b66e02a8796742a03758583469::7042; Expires=Mon, 05 Apr 2027 17:44:42 GMT; Max-Age=31536000; SameSite=Lax\nuclick=nb6Cl11ZOdk1h7CmP2CYs1W+VdnHQYzZ7UcJklzh0hSr4EqgBR/nLy/76VFqp4xYPIcyERRG2A==; Max-Age=31536000; SameSite=Lax\nbcid=d799v2n97ugs73cccgbg; Max-Age=31536000; SameSite=Lax\r\nvia: 1.1 Caddy\r\nx-request-id: 0721a67a-75cc-4b77-9d97-f1eb263793b5\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k%2FkdrWcZWCxcmhl8YPBww279lzZ1qzdyBWOwx3QMzecp9xIE0GF3FeEUcOJZZ2zx75XCMq8geNRRuWDNHY%2FeFFjpmDRQoUnObDoncqYD%2B2Zf%2BoAqFQ%2FrgClYk5ZJtkX4fA%3D%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9e7a5cbe3ee50b49-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":314,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T20:11:35.189242Z","times_seen":13391169,"resource_available":true,"data":null}},"time_used":232,"timings":{"blocked":57,"dns":29,"connect":1,"send":0,"wait":117,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"spredirect.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"besvot91rk.com//?campaign=ekckSr14yZ\u0026version=3\u0026zone=11693-27376-abe2fba0\u0026click=22861-9982-780-758124-35964-1775411082\u0026network=ck\u0026c_click_id=22861-9982-780-758124-35964-1775411082","fqdn":"besvot91rk.com","domain":"besvot91rk.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T17:44:42.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"besvot91rk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Mar 2026 15:41:01 GMT","end":"Wed, 03 Jun 2026 16:38:36 GMT"},"fingerprint":{"sha1":"A8:70:EB:DA:6E:94:C5:77:92:18:74:0C:3E:9C:7A:AA:32:97:05:6B","sha256":"A2:83:42:94:86:93:D4:C2:E6:A1:97:54:7A:5D:73:20:4B:E2:69:EE:1C:9F:B6:8B:E1:E8:87:EC:70:8B:20:47"}}},"request":{"raw":"GET //?campaign=ekckSr14yZ\u0026version=3\u0026zone=11693-27376-abe2fba0\u0026click=22861-9982-780-758124-35964-1775411082\u0026network=ck\u0026c_click_id=22861-9982-780-758124-35964-1775411082 HTTP/1.1\r\nHost: besvot91rk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 17:44:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oZ%2BA6cnkvpXIHqc8ajzE83%2F%2BNKRB3chRaybk1P7HzEQKKptgdXr%2Bjkj%2FI6uRm3RK4EPL5FYqyZkoIwv%2BCQ1lja1cy3pKjZEiXclqjsX1CVt4imZSNPzzcgS8066X7lJ6Nw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e7a5cc3bb08b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":306,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"ed7831bb1f2724d9a2c057fc1134d4f8","sha1":"311b839cce53b1f5b6d3cc825b659882f0287627","sha256":"aba727e577e63fd01516640cc58802dcdf478605f26a29ee612feb9428c55d2d","sha512":"123918c28eeb5fc9b088fb28bb4c42793036a1ebdbb7afbfc2913fdc37b2985c9ff37b7e8463435b07610298c397b9b09e9c208fcb095585e5dbea9eb00853c4","ssdeep":"","tlshash":"07e0c263445d0fee6238426009b5b29850577da1ad9849e0c147609ffae4e64c2c72b4","first_seen":"2026-04-05T17:45:03.220783Z","last_seen":"2026-04-05T17:45:03.220783Z","times_seen":1,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":60,"dns":42,"connect":1,"send":0,"wait":141,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}