{"report_id":"d798f83d-4550-4f10-965c-c1512b63ed06","version":6,"status":"done","tags":[],"date":"2026-04-23T18:12:47Z","url":{"schema":"http","addr":"bluhandur.com/","fqdn":"bluhandur.com","domain":"bluhandur.com","tld":"com"},"ip":{"addr":"104.21.61.43","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ljline.com/ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"title":"ljline.com/ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761","dom":{"size":65,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"8373bffb9b16672d50f6ab3115da5bdd","sha1":"8e0eece5815b0b5926321905c0fc1b76f1952974","sha256":"70b268fa0902256c187cc1326ad68a1c363221d210b87d50940e95d5e90b1744","sha512":"9e2c75b4dc0c7ed0cfaf954dcaf7d24fd5c7cc0d40e2a08f17f401fb39691642ef8dc53c6ffabeb0420e3dd66160c3bf6171369011b5fedaa721d4ab08b23149","ssdeep":"","tlshash":"d2a002fadc51c1299cf039841ce2b25d0d1847583406dd8075c0adb58d543a69c22584","dom_hash":"domhash48ac854a4779f478aeefcee14490c06d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bluhandur.com/","fqdn":"bluhandur.com","domain":"bluhandur.com","tld":"com"},"ip":{"addr":"104.21.61.43","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-28T18:12:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"bluhandur.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ljline.com","ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2011-02-22","domain_rank":0,"first_seen":"2026-04-20T18:33:59.295318Z","last_seen":"2026-04-20T18:33:59.295318Z","alert_count":0,"request_count":4,"received_data":15623,"sent_data":5605,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bluhandur.com","ip":{"addr":"172.67.206.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-19","domain_rank":3196586,"first_seen":"2025-05-30T23:09:48.093462Z","last_seen":"2026-02-15T14:13:54.644464Z","alert_count":2,"request_count":2,"received_data":1267,"sent_data":990,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"stoperinbent.world","ip":{"addr":"188.42.241.229","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-10T13:33:18.903145Z","last_seen":"2026-04-17T18:03:29.321439Z","alert_count":0,"request_count":2,"received_data":1069,"sent_data":1069,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"echonverforrinho.info/?tid=1204959","fqdn":"echonverforrinho.info","domain":"echonverforrinho.info","tld":"info"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":true,"md5":"48b82a825a35e57ccf2a1271b805baa1","sha1":"cc53e8df43de8379393a10e61d1e805e2dc38c5d","sha256":"1d2c98f5916d92db661bbccc35bb7c7dc25b7f37ede133e96697378ac78f296e","sha512":"a737c9fccda233032af7b12dfe4496e34291ade2c18c2e52b41f14a209edc111931bcba0b48bc347192a7cdfd7b8a0b4dd1f79c74e44a0d7a12173963d8fdf41","ssdeep":"","tlshash":"5eb092eb401880c16b9362c0cd1e2e4cde3b60ab7d666a12cae40a405689b8b525a685","size":117,"data":"","first_seen":"2026-04-23T18:12:49.0579Z","last_seen":"2026-04-23T18:12:49.0579Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"4cf145f1a81337168a114de472c0ac81","sha1":"2fb0ad890aa8d71ecce9fae44cd8bdd5e55f42a3","sha256":"30084f7a57733f68c1200ac43651211fefae21c399e55276204e4fe994fbf90f","sha512":"3f726619d6e289c43e70e5d586e28b447edcfb42610fa82a65ed0d79233bc57dba562ad708cf70fe8b0ca6482e38fa458d34bec49a44079e58b19b55c5f21c65","ssdeep":"192:9VYjPLuT82ij+U3P9dnCcjddinzlsU91BIkI1gVa6Ad/uoq9UsUMA2/6V88ekUrg:9VYjzyhiqU3P99CcjdIzn7BIkI1gVTAF","tlshash":"c842d9a1771070fa8bd685fba731da96a0265841385ed4e0c1ac5f407e4178ec6bfed8","size":12030,"data":"","first_seen":"2026-04-23T18:12:49.05949Z","last_seen":"2026-04-23T18:12:49.05949Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ljline.com/ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"74bcdb854ab16ca0977687a071ccface","sha1":"3fc98dccf6a4c618323aacd44660d0c32d1e9016","sha256":"f729e7b610069468cbe062a7821762c27a15271967ac88eae69a538d48c5a29b","sha512":"2bb5e903bc4e9992428b89e3186d32a214428964230340b4f7eb82f0b48284f336ce91f0f13ae99f7bb0bf65c713d3acfd27033f12a74f6067a64426f616c2e1","ssdeep":"","tlshash":"e9500000c000000cc0c0000c0000300000000c0000030c000000000000300003030000","size":8,"data":"","first_seen":"2023-03-07T01:10:08Z","last_seen":"2026-04-23T18:12:49.061265Z","times_seen":9559,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ljline.com/favicon.ico","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761","date":"2026-04-23T18:12:27.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ljline.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:45:12 GMT","end":"Tue, 30 Jun 2026 14:45:11 GMT"},"fingerprint":{"sha1":"FC:01:AA:BD:84:5F:85:84:C4:83:1A:F7:8B:A1:BB:E7:66:0E:D7:25","sha256":"91:B6:34:7E:F5:15:9E:AC:45:17:70:B5:20:6A:09:24:C9:5B:94:CA:AE:E6:05:8F:1A:9F:6E:95:F3:78:CD:AE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ljline.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761\r\nCookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; GL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJLPxiTIVJwiwiDIWMYmIciUk8jj4Pv51eb0BT%2BBnHweB9X6jdHhdqsFmQqKBVkMDc2MAIdyKeI%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T21:02:29.078164Z","times_seen":14117394,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ljline.com/favicon.ico","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ljline.com/ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761","date":"2026-04-23T18:12:27.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ljline.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:45:12 GMT","end":"Tue, 30 Jun 2026 14:45:11 GMT"},"fingerprint":{"sha1":"FC:01:AA:BD:84:5F:85:84:C4:83:1A:F7:8B:A1:BB:E7:66:0E:D7:25","sha256":"91:B6:34:7E:F5:15:9E:AC:45:17:70:B5:20:6A:09:24:C9:5B:94:CA:AE:E6:05:8F:1A:9F:6E:95:F3:78:CD:AE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ljline.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ljline.com/ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761\r\nCookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; GL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJLPxiTIVJwiwiDIWMYmIciUk8jj4Pv51eb0BT%2BBnHweB9X6jdHhdqsFmQqKBVkMDc2MAIdyKeI%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 23 Apr 2026 18:12:27 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 1406\r\nlast-modified: Thu, 23 Apr 2026 14:06:18 GMT\r\netag: \"69ea275a-57e\"\r\nexpires: Fri, 24 Apr 2026 18:12:27 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1406,"size_decoded":0,"mime_type":"application/octet-stream","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-04-23T18:12:49.053284Z","times_seen":19953,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bluhandur.com/","fqdn":"bluhandur.com","domain":"bluhandur.com","tld":"com"},"ip":{"addr":"172.67.206.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-23T18:12:25.499Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: bluhandur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ctid=4164014039\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T21:02:29.078164Z","times_seen":14117394,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"bluhandur.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ljline.com/ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-23T18:12:27.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ljline.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:45:12 GMT","end":"Tue, 30 Jun 2026 14:45:11 GMT"},"fingerprint":{"sha1":"FC:01:AA:BD:84:5F:85:84:C4:83:1A:F7:8B:A1:BB:E7:66:0E:D7:25","sha256":"91:B6:34:7E:F5:15:9E:AC:45:17:70:B5:20:6A:09:24:C9:5B:94:CA:AE:E6:05:8F:1A:9F:6E:95:F3:78:CD:AE"}}},"request":{"raw":"GET /ixnSNNXbaRDDFYvjehWj/114915/?md=eyJ0dmMiOjAsInMiOiIxMjgweDEwMjQiLCJiIjoiMTI4MHgxMDI0IiwiciI6IiIsInEiOiJodHRwczovL2xqbGluZS5jb20vaW1sTWRzR1d4T2NRbnhqa2YvQk1WUmU%2FcGFyYW1fND0xMjA0OTU5JnBhcmFtXzU9MTEzNjAxNjcyMTIxOTI2NDc2MSIsImgiOjkyMzgsInQiOjAsInoiOjgyMjUsImsiOjAsInUiOiI2NzQ5MDc0NmY3MjU4OTYyNmQyODE3IiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6IjltN25wb3ZpdXN5NHRqayIsIm8iOnRydWUsIm0iOjE3NzY5Njc5NDczNjEsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMiUyMiUyQyUyMmtleXdvcmRzJTIyJTNBJTVCJTVEJTJDJTIydG9wd29yZHMlMjIlM0ElNUIlMjJhZHZlcnRpc2VyJTNBMSUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZHQiOmZhbHNlfQ\u0026pdc=J7wDy493KzCP5rkpfYA6LwScgKJuzrJ08B08CWBGYA0\u0026param_4=1204959\u0026param_5=1136016721219264761 HTTP/1.1\r\nHost: ljline.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761\r\nCookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; GL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJLPxiTIVJwiwiDIWMYmIciUk8jj4Pv51eb0BT%2BBnHweB9X6jdHhdqsFmQqKBVkMDc2MAIdyKeI%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 23 Apr 2026 18:12:27 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"86733bb66fb84b851592d733e51f0cbd","sha1":"42eaf19a5ca195667a9212b0ea3557eee76954a8","sha256":"927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d","sha512":"a8c4b7ea33487c8308d0700e573367d976b4a0407719089157679ebb8ce14168fb8825f798ac5aaa4b14892c5cc22a6468491fb776ab8b0dc29218628f1fcaa8","ssdeep":"","tlshash":"c99002d55c01c1289cf0094418e2b15c090886541806d48070c09db509503959c22585","first_seen":"2024-01-18T20:18:28Z","last_seen":"2026-04-23T18:12:49.05409Z","times_seen":9734,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bluhandur.com/","fqdn":"bluhandur.com","domain":"bluhandur.com","tld":"com"},"ip":{"addr":"172.67.206.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-23T18:12:25.230Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: bluhandur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 23 Apr 2026 18:12:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://bluhandur.com/\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64\r\ncache-control: private, no-cache, no-store, must-revalidate\r\nexpires: -1\r\npragma: no-cache\r\nserver: cloudflare\r\nset-cookie: _ctid=4164014039; Max-Age=2147483; Path=/; Expires=Mon, 18 May 2026 14:43:49 GMT; HttpOnly\r\nvary: Accept\r\nx-powered-by: Express\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oviSKqXWaPD4%2BhZP8rBK3YvguVsfXtFKjmeN72NXskzsaD8mIRtLkjBbtW6pAMsUBwhDrwNtQy5euOsADfSWbzjbbcB3tZo3EOrM3KTd13qRLOPlqpbfrf0Bh9%2BRvhWW\"}]}\r\ncf-ray: 9f0ed619ec6756a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":252,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T21:02:29.078164Z","times_seen":14117394,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":37,"dns":11,"connect":1,"send":0,"wait":226,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-23","alert":"Sinkholed","trigger":"bluhandur.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761","fqdn":"ljline.com","domain":"ljline.com","tld":"com"},"ip":{"addr":"172.241.53.108","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-23T18:12:26.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ljline.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:45:12 GMT","end":"Tue, 30 Jun 2026 14:45:11 GMT"},"fingerprint":{"sha1":"FC:01:AA:BD:84:5F:85:84:C4:83:1A:F7:8B:A1:BB:E7:66:0E:D7:25","sha256":"91:B6:34:7E:F5:15:9E:AC:45:17:70:B5:20:6A:09:24:C9:5B:94:CA:AE:E6:05:8F:1A:9F:6E:95:F3:78:CD:AE"}}},"request":{"raw":"GET /imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761 HTTP/1.1\r\nHost: ljline.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 23 Apr 2026 18:12:27 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Fri, 24-Apr-2026 18:12:27 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJLPxiTIVJwiwiDIWMYmIciUk8jj4Pv51eb0BT%2BBnHweB9X6jdHhdqsFmQqKBVkMDc2MAIdyKeI%3D; expires=Fri, 24-Apr-2026 18:12:27 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12333,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (12070)","md5":"1c419bae48466c8c3371a7c6a5b26cb9","sha1":"e77fc49065c9ccaa0e5238633e7baa40b53741d6","sha256":"667fa0fd3341a6cece1eff8338c2667203a4dce23ef77c0a6b5f9194f240f85b","sha512":"0472d1b91d6187399aa93c05da80d837e04a3ce2c36d0102c8cc13f2749c144ea7b55524f211f2ccd9ff23b9804bc63d4b7e5d7d3137a5ce8c3b7ea253e77574","ssdeep":"384:SVYjzyhiqU3P99CcjdIzn7BIkI1gVTAd/nhB2/38ekU6:Sqsi1319CIy7BIkc82/nhB2f8ekr","tlshash":"7442eae27b1070fa8bd685fba731da95a0265841385ed4e0c1ac5f507e4178ec6bfec8","first_seen":"2026-04-23T18:12:49.054776Z","last_seen":"2026-04-23T18:12:49.054776Z","times_seen":1,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":70,"dns":27,"connect":18,"send":0,"wait":24,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stoperinbent.world/cuid/?f=https%3A%2F%2Fljline.com","fqdn":"stoperinbent.world","domain":"stoperinbent.world","tld":"world"},"ip":{"addr":"188.42.241.229","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761","date":"2026-04-23T18:12:27.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stoperinbent.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 20:50:11 GMT","end":"Thu, 04 Jun 2026 20:50:10 GMT"},"fingerprint":{"sha1":"89:8A:5B:A4:35:F1:2F:D2:3C:4D:33:A6:6A:4E:C5:A2:08:8B:2C:D6","sha256":"9F:66:3B:82:15:EA:B9:6C:04:64:7E:42:14:B3:30:D8:FF:AB:AD:16:F0:4B:BA:B9:1B:59:BF:3F:44:59:5D:10"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Fljline.com HTTP/1.1\r\nHost: stoperinbent.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://ljline.com/\r\nOrigin: https://ljline.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 23 Apr 2026 18:12:27 GMT\r\ncontent-length: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ljline.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T21:02:29.078164Z","times_seen":14117394,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":58,"dns":14,"connect":20,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stoperinbent.world/cuid/?f=https%3A%2F%2Fljline.com","fqdn":"stoperinbent.world","domain":"stoperinbent.world","tld":"world"},"ip":{"addr":"188.42.241.229","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ljline.com/imlMdsGWxOcQnxjkf/BMVRe?param_4=1204959\u0026param_5=1136016721219264761","date":"2026-04-23T18:12:27.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"stoperinbent.world","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 20:50:11 GMT","end":"Thu, 04 Jun 2026 20:50:10 GMT"},"fingerprint":{"sha1":"89:8A:5B:A4:35:F1:2F:D2:3C:4D:33:A6:6A:4E:C5:A2:08:8B:2C:D6","sha256":"9F:66:3B:82:15:EA:B9:6C:04:64:7E:42:14:B3:30:D8:FF:AB:AD:16:F0:4B:BA:B9:1B:59:BF:3F:44:59:5D:10"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Fljline.com HTTP/1.1\r\nHost: stoperinbent.world\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ljline.com/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://ljline.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":10,"data":"{\"key\":\"\"}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 23 Apr 2026 18:12:27 GMT\r\ncontent-type: application/json\r\ncontent-length: 32\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://ljline.com\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: a97fa794a0f9=67490746f72589626d2817; expires=Tue, 02 Sep 2053 21:06:29 GMT; domain=stoperinbent.world; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9e833749aeda49559f4848f4d1fc3b01","sha1":"8c3c467fe5ee76fb1e93f563105af08a2cc01575","sha256":"259c569aca59ee687587a4e37dc20ae2cae705e8e9937dd96274129c67d6a830","sha512":"8ae9d02d80f8a856dd082852500b9263aca7f761296f7fad46048a5a66226951af07d10522bd6edfe6c59885b676bd94d21e667a88bf0f119fd0b64276b595f2","ssdeep":"","tlshash":"e380040451f1f111051001451544131f131011571741001457011105d401d1d14f0503","first_seen":"2026-04-23T18:12:49.056267Z","last_seen":"2026-04-23T18:12:49.056267Z","times_seen":1,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":15,"connect":18,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}