{"report_id":"db398909-e6fe-4eab-8735-c8398eb13ae8","version":6,"status":"done","tags":[],"date":"2025-09-13T02:27:29Z","url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/v1?hwid=1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"172.67.133.17","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"onthatass.com/no-no/men/signup/choose-design?utm_source=everflow\u0026utm_campaign=uk\u0026utm_medium=cpa\u0026oid=217\u0026affid=19\u0026source_id=4262_11522051152205_-1\u0026sub1=68c4d6891d7422000138a5fc","fqdn":"onthatass.com","domain":"onthatass.com","tld":"com"},"title":"ON THAT ASS"},"submit":{"url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/v1?hwid=1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"172.67.133.17","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-18T02:27:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-09-13","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"loot-link.com/12.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null},"summary":[{"fqdn":"0.onsultingco.com","ip":{"addr":"172.67.167.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-01-01","domain_rank":1648496,"first_seen":"2024-08-26T11:59:01Z","last_seen":"2025-08-16T19:17:05.868764Z","alert_count":0,"request_count":1,"received_data":813,"sent_data":660,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"unpkg.com","ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2025-09-10T16:41:50.955791Z","alert_count":0,"request_count":2,"received_data":769358,"sent_data":902,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"nerventualken.com","ip":{"addr":"172.67.197.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-01-01","domain_rank":155901,"first_seen":"2024-10-08T03:58:59Z","last_seen":"2025-09-06T04:22:37.654965Z","alert_count":0,"request_count":2,"received_data":2437,"sent_data":1007,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d1wzdj81h1hubn.cloudfront.net","ip":{"addr":"54.230.245.83","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2023-01-18T20:12:00Z","last_seen":"2025-09-11T20:19:33.24908Z","alert_count":0,"request_count":2,"received_data":28340,"sent_data":920,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-09-10T15:27:48.133327Z","alert_count":0,"request_count":1,"received_data":22242,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-10T15:14:38.264059Z","alert_count":0,"request_count":2,"received_data":7430,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"app.unlockr.app","ip":{"addr":"172.67.188.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-18","domain_rank":844335,"first_seen":"2025-03-20T23:46:19.496978Z","last_seen":"2025-09-11T10:01:03.744302Z","alert_count":0,"request_count":1,"received_data":888,"sent_data":465,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-09-10T15:53:58.845852Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pagead2.googlesyndication.com","ip":{"addr":"142.250.178.98","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2003-01-21","domain_rank":610,"first_seen":"2012-05-21T07:15:40Z","last_seen":"2025-09-11T04:51:43.337578Z","alert_count":0,"request_count":1,"received_data":161530,"sent_data":467,"comment":"","tags":null,"fingerprints":null},{"fqdn":"loot-link.com","ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2023-09-14","domain_rank":25577,"first_seen":"2023-09-18T13:51:16Z","last_seen":"2025-09-08T04:45:42.972686Z","alert_count":1,"request_count":6,"received_data":345089,"sent_data":2696,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"krnl.cat","ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-10","domain_rank":53100,"first_seen":"2025-03-16T01:53:06.225366Z","last_seen":"2025-09-07T18:30:30.133477Z","alert_count":0,"request_count":8,"received_data":8120458,"sent_data":6870,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}]},{"fqdn":"fingerprinting36542.s3.us-east-1.amazonaws.com","ip":{"addr":"52.216.33.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2005-08-18","domain_rank":980294,"first_seen":"2024-12-09T20:50:57.594921Z","last_seen":"2025-09-08T11:54:44.269368Z","alert_count":0,"request_count":1,"received_data":38715,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"enaightdecipie.com","ip":{"addr":"172.67.219.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-11","domain_rank":219993,"first_seen":"2025-08-16T07:57:27.47822Z","last_seen":"2025-09-05T16:29:55.738179Z","alert_count":0,"request_count":1,"received_data":515,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"curyrentattrib.info","ip":{"addr":"54.240.174.118","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2024-04-01","domain_rank":107831,"first_seen":"2024-04-28T19:02:26Z","last_seen":"2025-09-03T22:46:23.055991Z","alert_count":0,"request_count":1,"received_data":1100,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-10T15:11:19.040403Z","alert_count":0,"request_count":3,"received_data":56009,"sent_data":1600,"comment":"","tags":null,"fingerprints":null},{"fqdn":"dgaf2ncy4dtan.cloudfront.net","ip":{"addr":"54.230.245.43","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-09-02T06:57:31.149252Z","last_seen":"2025-09-09T08:35:04.129689Z","alert_count":0,"request_count":1,"received_data":1112,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bc1ccb003c8dbdb1f75efa1fd38362bf","sha1":"8ae598f92b85ef618e90e0129d57fb94c8f6c3b8","sha256":"b396c6847f916f93b353dddc9245b056ad900d115cfb589e7909ba996eaf70af","sha512":"da7392435a35a21260083593ad27b6b451b8094f21bab08644ea542a8a2980f1d3da6516cb59a02de776d667f695ef27f60676737ba3387ba25e58af02762f4d","ssdeep":"6144:a4oQYPIDD5g3/btDQ3PSIoPabTzf/W8tpgsQ5cDo4Dd:SPI3+Ch+p5c35","tlshash":"478418597254743905c54069803f090bf636392e246ac09cb76cf4efa9bde8d32beb79","size":383981,"data":"","first_seen":"2024-11-04T13:40:42.622928Z","last_seen":"2026-04-22T15:05:41.760976Z","times_seen":3715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","size":12332,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-22T16:11:22.449448Z","times_seen":99324,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/s?2H7lKsgw","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"09f28acecb598cf6b06a72ed22c8ed8c","sha1":"d167a5ca5906d46fe127f68f81afd7d2f022071b","sha256":"91fa04c59a9184729693d419552348e5170480f29fc8257f927ea497455e7d35","sha512":"07b25f2e911e698bc7dc467a8b9865a472ef1e2706518e844db1cf0bd23a4ab6880e6ce7e97a3bafe6dd4938af7b42b84e148d39f64df7235bc2acc7bd5a0d94","ssdeep":"","tlshash":"7b90026d16154ab595805d5248b4e356256ba53434a230105a9f9aa42b47b095245852","size":57,"data":"","first_seen":"2025-09-13T02:27:32.301165Z","last_seen":"2025-09-13T02:27:32.301165Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/s?2H7lKsgw","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"522010782808575f5233d7c4ce4599fd","sha1":"7605f3f9c27a9f14aacf02f4dc41ca02b52bf2b5","sha256":"a601253a1b9296225aef67ba15ec096bd875141287c3e9fd6fdc3735a5b06c68","sha512":"bb963db85acb280e45b9a2bba3cf40b1b50384c2bc35abdfff531931ec52ca6ad940038ae16caad0e3884636b638bb13eea15e70c9d66d61ec69b748d99d4520","ssdeep":"384:FGKXROJjmmX5II4gHRCR4/qMd202VQxk7HL1IeuP1Q:FGKXRO9m72p3AT7HhIFPy","tlshash":"d372a793051922daab183992d74b34c89788e4d7fec21acaf4be0c24cb6bb5d374570d","size":16337,"data":"","first_seen":"2025-09-13T02:27:32.304266Z","last_seen":"2025-09-13T02:27:32.304266Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fingerprinting36542.s3.us-east-1.amazonaws.com/fingerprint.js","fqdn":"fingerprinting36542.s3.us-east-1.amazonaws.com","domain":"s3.us-east-1.amazonaws.com","tld":"us-east-1.amazonaws.com"},"ip":{"addr":"52.216.33.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ac06ba71cc5803c7515b3e8c3a2854d","sha1":"03ba918aad85dda720c6f46267eb4fba9103aac3","sha256":"6cf24eed847d975853348f50d95b192ac37a4c49e96d8888af6dd2e15631a1fd","sha512":"8db044466454b70e2dcf368078e845163e714e68e5405fc5d3cb9202737c7e3f9696a1f231d1ba0b8ace9dc46712035eab112c3ef3f728be64644cffd587b0e7","ssdeep":"384:2xcDKdRZKREaMRMBp5iKQID95wH3KqwzrWmKj5+pCqNFaiE8E0QIQfJWbkhGYKon:x3RBp5Kjnc9NwlJWbhSu+AW","tlshash":"300306d8b2c3b06e227368b5457f6006b23a7d50346d8842c523e5d57ca9e6e913bfbc","size":38143,"data":"","first_seen":"2024-12-09T20:50:59.331644Z","last_seen":"2026-04-20T22:55:47.117996Z","times_seen":905,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/getkey","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"4dee1ed893d423b91d772a2829e8e3ea","sha1":"b6eeb2cb9f49020d2fcbcba6eabdeba000734451","sha256":"627d494722c42d5cdc2120fc9c25cd6deaef5c8f67f1d057742704e6fdf4634a","sha512":"2799a43d899ef6084824e87d15f3208c88ef29555ee07eaccc4cf1d86e2acbec9843044413b5e2b2a1f3e1f2ac413bf22f3e452389a4894e2dd83c7183629994","ssdeep":"","tlshash":"18a024c30455307c03414310f4733711731544f5440c1044c1004031344c3cdd0577c1","size":73,"data":"","first_seen":"2025-06-28T22:46:29.570377Z","last_seen":"2025-09-13T02:28:52.093582Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/s?2H7lKsgw","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T16:10:32.348734Z","times_seen":623338,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/s?2H7lKsgw","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"558f233ddde0da7613463594b855ae68","sha1":"487759c68a77d20f353698d0b9b9dcbd267d484b","sha256":"0a3e527cb1a7dab5d0d1c786165221e81255b14586aae0b06337bba9fe5dcb9d","sha512":"2fdad5544228187dca0c9358edd93b9cb4feb917234e9caceab60f209dd43b3cb107d1db6a7143131cd394e1eda2429e2701019fc74d48629715c324608ae874","ssdeep":"","tlshash":"7631c11cf6405ffb58615032a6adb984e51059ab0b04d38bbe2cc20d8fb566f327a0dc","size":1634,"data":"","first_seen":"2024-10-01T00:50:24Z","last_seen":"2026-04-19T23:17:32.604952Z","times_seen":172,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/12.js","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5f159c1513c489bbcaa26cedd050dd61","sha1":"78b249b4a7f5d1b4bcb54f4b8b14720af65262d7","sha256":"94001143badb4d8788a497b41397de11702c6a330daae66f6f256db6b328f8eb","sha512":"0f1c871642c86fdebe3c35ae81374defd223a8dabedc1a9c269e1e50d7f08ed719ade05f4dd6e4988f9ba332b7a8e61e7b68b62d23f1c93926a14de843df1aef","ssdeep":"1536:pvUwFwqqsGvWfqhUUPB1+OLATvEECx3d4VdFosx:JBqs8WA9PB9AdFoy","tlshash":"8ef37770f34cac5e6286c9e3212d94adc122e94fed705ed49745e8ecfc85d46b8a893c","size":172180,"data":"","first_seen":"2025-09-07T18:31:49.746468Z","last_seen":"2025-09-13T02:28:52.070237Z","times_seen":4,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-09-13","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"loot-link.com/12.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/getkey","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c61bb98f5f35370f97cd0d776d35310","sha1":"58266b7586c8f119cbb8e308d83bf6df914bc92a","sha256":"ee46eadcb4d58030d9814cfda0b30a66262d46e076581cfeb3d2b4cf34f0ad40","sha512":"b2327a85e00bdc492d026852f6c6eb8f8ae09a3170008e0e80d96865b90e09760a065a7a9084b374fd8613addf72010601d5f31e8d958d5a9299fa074f880016","ssdeep":"","tlshash":"5921c6e7db4c912692f1100b6e8b21c8904fedf3cb4e2ce3bb1567926231d2f517a164","size":1173,"data":"","first_seen":"2025-06-28T22:46:29.572013Z","last_seen":"2025-09-13T02:28:52.10263Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/WrappedBotd.browser.protected.js","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"95888320adab6afba4a8e0c8f06e8361","sha1":"c04b231b41d57f1cc95e66e04d8f2631a4b10018","sha256":"8fda68ace483a03aa4362a8731fff5b2a37d85aab3de76801ab8e225b217b2df","sha512":"e3a17ad670f939f563fe6d1dc507ab5ba99f90a4b6bc94364fa2f56d5c5ca1a552b0dbb973a4f68f7694ca9a8bf1a3ff3bf28b0dc1f4bf2fc796deef5007bd82","ssdeep":"3072:9ISWWZitd7yfmAa0Zzg/N8OSv0TfuuC8a5MAVCGNs:YhlLqD0TmPMAVCSs","tlshash":"bab3d79462472c958392d1ff142fb285ac2d8e51bc8fdce1d651c3959c306c78afbba2","size":109231,"data":"","first_seen":"2025-07-01T16:50:14.740307Z","last_seen":"2026-04-20T22:55:47.111126Z","times_seen":614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-22T16:08:17.28205Z","times_seen":333302,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/getkey","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"954a4a7c35c0d56393ca622f104c9943","sha1":"9960c5195cfe7356d77f5504b477c39e26cc52c7","sha256":"67970d8c37902a684aa57df3b91efc43bae62f2de4e3255b58e16bb34dfd33e2","sha512":"715aecffa730a56dd252674bab97d5d38fbb999968c73b48de16adc43e203c4b21cf5a079948feab0ca47c53c6d5cf77be3904419f7f992f313e1f512ed537d8","ssdeep":"","tlshash":"8151dd90bf6c553792ae004f9531a2cdb97c01bab800bd477ccddc187ac8de4aea7952","size":2677,"data":"","first_seen":"2025-09-13T02:27:32.317754Z","last_seen":"2025-09-13T02:28:52.09861Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f6d0ac2c43a81b1890d6442a2a72494","sha1":"5cec1237fc2cd482064efb78c55096560ffd4419","sha256":"b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07","sha512":"b513e08a30b27f90e72b9f9e4e0602314d995736079820f23e35fe7a160029c8082c39bebec6b96270b72bf1f3e9af6ed68e70e943874395a6e42cd51012d83f","ssdeep":"384:beeCv9SwPTYFjZA5mfzfPZxWRrT+hcMXnRxlWllmt87SRM57EZp:be1SwPTYFjZfzGTMcM5gt6","tlshash":"65a2648d69eba2619a4672388b4f3019b735c01b820dcd51784d93e1bf9143453baffe","size":21453,"data":"","first_seen":"2023-03-07T14:26:52Z","last_seen":"2026-04-20T22:55:47.109674Z","times_seen":322,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/s?2H7lKsgw","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T16:13:34.432731Z","times_seen":212948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:17.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/babel-regenerator-runtime@6.5.0/runtime.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 6.5.0\r\nx-jsd-version-type: version\r\netag: W/\"53cd-XOwSN/ws1IIGTvt4xVCWVg/9RBk\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 13 Sep 2025 02:27:17 GMT\r\nage: 397231\r\nx-served-by: cache-fra-etou8220131-FRA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 6589\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21453,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"4f6d0ac2c43a81b1890d6442a2a72494","sha1":"5cec1237fc2cd482064efb78c55096560ffd4419","sha256":"b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07","sha512":"b513e08a30b27f90e72b9f9e4e0602314d995736079820f23e35fe7a160029c8082c39bebec6b96270b72bf1f3e9af6ed68e70e943874395a6e42cd51012d83f","ssdeep":"384:beeCv9SwPTYFjZA5mfzfPZxWRrT+hcMXnRxlWllmt87SRM57EZp:be1SwPTYFjZfzGTMcM5gt6","tlshash":"65a2648d69eba2619a4672388b4f3019b735c01b820dcd51784d93e1bf9143453baffe","first_seen":"2023-03-07T14:26:52Z","last_seen":"2026-04-20T22:55:47.109674Z","times_seen":322,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":31,"dns":1,"connect":13,"send":0,"wait":14,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/unlocker.png","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loot-link.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:29:EE:C8:55:1A:0D:B4:EC:B8:40:2C:83:64:56:BA:0A:3A:6D:87","sha256":"57:1B:D3:2E:DE:00:9D:E6:B9:5C:D0:44:4C:67:D9:7F:05:9C:9F:6D:54:F5:E2:C3:E3:5F:1D:AC:26:0D:CD:35"}}},"request":{"raw":"GET /unlocker.png HTTP/1.1\r\nHost: loot-link.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/s?2H7lKsgw\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 31030\r\ndate: Sat, 13 Sep 2025 02:27:20 GMT\r\naccept-ranges: bytes\r\nserver: openresty/1.21.4.1\r\nlast-modified: Fri, 12 Sep 2025 20:00:00 GMT\r\netag: \"68c47bc0-7936\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: jz-3c23ebizMOXkchoikbmh3sFnfFfeRG7yn2DLB3Yz4dTJvVtr1BA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":31030,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 246 x 246, 8-bit/color RGBA, non-interlaced","md5":"aa3e9ab7989d9c695c98fc750957670d","sha1":"4022d553f4952fa7c7b57f00942b202354b66acb","sha256":"5e0813c96779ef092cefc6e77fa90de7a86e307f04bd6d64f9d37a5d9a8fb4e0","sha512":"e3b681724244c3834a9d24d92c3b3817afb553e1a697c58b21d84e6a8ba1c07cece4b14e1316c6235436768b2e62362169810568921d660efc576536ec41696f","ssdeep":"768:nwlF+bky/Yt20bgvguLfk7D07HIcDbMXj5ZVp0iB6VRc8p6UvzMVOs:NkBXghfk7aHbDbMXj5Zh6LcC6YIVOs","tlshash":"54d2d0f5b033745de9f50006fa4647b801bb8af07f31b618d4bbc60eb78839e24a9965","first_seen":"2025-03-20T23:46:21.230829Z","last_seen":"2026-04-12T16:53:30.535273Z","times_seen":591,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":203,"receive":104,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"0.onsultingco.com/c?uid=115141704531639078\u0026cat=44\u0026key=670807781542636753\u0026session_id=341881937566803986\u0026is_loot=1\u0026tid=1152205","fqdn":"0.onsultingco.com","domain":"onsultingco.com","tld":"com"},"ip":{"addr":"172.67.167.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:21.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"onsultingco.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 31 Jul 2025 10:18:58 GMT","end":"Wed, 29 Oct 2025 11:17:07 GMT"},"fingerprint":{"sha1":"B9:94:15:22:19:99:F9:91:7A:D2:90:39:42:58:C9:45:57:D6:6C:89","sha256":"5A:CE:9B:AA:44:11:D0:19:FA:74:7C:FC:11:2A:89:C4:15:60:8A:34:EB:85:17:C9:B0:9F:AC:F1:4F:55:DD:FC"}}},"request":{"raw":"GET /c?uid=115141704531639078\u0026cat=44\u0026key=670807781542636753\u0026session_id=341881937566803986\u0026is_loot=1\u0026tid=1152205 HTTP/1.1\r\nHost: 0.onsultingco.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://loot-link.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: zZ1oHGCLtYFesMeNPEdzvQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nDate: Sat, 13 Sep 2025 02:27:22 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: mOV4zJTdsNW/NCCZrgBh3WcWGQ0=\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=d7YfFpozH0kSvLzuU5ZrDpa4xd8tnlYVHMr4PlCsQ2DsSD%2FzRWfYnauF97lMAGqu1Pf6ky6Ek6UyGCojSfqZTP7LgeBiQJcmp3mhclyHghX%2B74gGPFrokt9AqG42uCSHygnpyg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 97e4347d79d9723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=498\u0026min_rtt=451\u0026rtt_var=170\u0026sent=5\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=3195\u0026recv_bytes=1390\u0026delivery_rate=7074918\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=ef31ff6a6e5b9aee\u0026ts=262\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":2,"connect":1,"send":0,"wait":246,"receive":1,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/css/keysys-styles.css","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:07.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"GET /css/keysys-styles.css HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://krnl.cat/checkpoint/ios/getkey\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncontent-type: text/css\r\nx-frame-options: SAMEORIGIN\r\nlast-modified: Tue, 11 Feb 2025 02:10:53 GMT\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BKxwtivaJWKRn6jiMWCAaNntFBBTGkK4AqopewNY83yrG2f4Hy%2BswCZCxhXz7qdfsxJmlaGMWIOW%2FYpaIwzx6sslGuIZij2%2B\"}]}\r\nexpires: Sat, 13 Sep 2025 08:12:13 GMT\r\ncache-control: public, max-age=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65694\r\ncf-cache-status: HIT\r\netag: W/\"67aab1ad-c03\"\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\ncf-ray: 97e434234c20b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3075,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"8d5621b816bac9f2a684f76d5d782f52","sha1":"f3d633caf34254d0db64edea903e25facc0de6c8","sha256":"ee1f2af6001399744c2ca7922ec1a99b2c2b2d67c98a9d61215a9b846ad5f0b0","sha512":"88b71a99b67c78f8864840c584905d85a9315e55091fca2fa8d417345a358afa453bfe72a10f25fc6ce88042e243ca92bc9d32cfce14c3e2613392a6689973cb","ssdeep":"","tlshash":"5e51fd10fd85340b32362d58b7f55ba58a0d5526604f4abe39fd3614cfe58781a71bcc","first_seen":"2025-06-28T22:46:29.555879Z","last_seen":"2025-09-13T02:28:52.077206Z","times_seen":3,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Exo+2:wght@700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:19.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 08:41:02 GMT","end":"Mon, 17 Nov 2025 08:41:01 GMT"},"fingerprint":{"sha1":"ED:FC:A5:F2:F4:07:8E:0E:EA:C7:96:D8:BE:47:04:EE:34:72:47:E9","sha256":"42:1D:9B:CD:2D:EC:4C:72:94:02:2C:88:B5:FF:BC:A2:B8:35:1B:C6:E0:B5:97:71:DB:7D:5B:6A:FA:CA:C1:8A"}}},"request":{"raw":"GET /css2?family=Exo+2:wght@700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 13 Sep 2025 02:27:19 GMT\r\ndate: Sat, 13 Sep 2025 02:27:19 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1886,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"cede71b833c811387a3fad9426e5f123","sha1":"8fa2caab4e602bec86ce7cd692fa55b38141ac4a","sha256":"546092dbc76892c95db169df529436e5fc9495342c828373996dfb58f201482f","sha512":"ffc88cfc4430b0428cd5a7602b982bf33b3f9bfa5cb3bb6a85a56738bf30196c520471133a6661dd155bfaa670d0aa3785079a3aae9f7c0145d14fff2408b2cc","ssdeep":"","tlshash":"de41dee1061bd400a75b0cc623ce3e3b9daf211ab055c5ba5ffe1c946ce6ca1535471d","first_seen":"2025-09-07T18:31:49.742419Z","last_seen":"2026-04-19T08:08:55.227905Z","times_seen":19,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/exo2/v26/7cH1v4okm5zmbvwkAx_sfcEuiD8jWfWsOdC_.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:19.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 08:41:01 GMT","end":"Mon, 17 Nov 2025 08:41:00 GMT"},"fingerprint":{"sha1":"41:D2:08:38:86:84:32:C2:76:B6:A0:7C:F7:02:4C:C5:55:4E:2F:1E","sha256":"A5:34:21:73:D5:FC:24:AF:0D:8A:56:A2:A7:5C:BD:41:46:45:3B:DE:78:A3:6B:67:9C:80:C8:44:02:A9:12:D0"}}},"request":{"raw":"GET /s/exo2/v26/7cH1v4okm5zmbvwkAx_sfcEuiD8jWfWsOdC_.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 17220\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 11 Sep 2025 09:57:52 GMT\r\nexpires: Fri, 11 Sep 2026 09:57:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 145767\r\nlast-modified: Wed, 27 Aug 2025 20:23:29 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17220,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 17220, version 1.0","md5":"548bfb0f508e91dd347db8fd21f232b7","sha1":"c7b233e79128c93fcfe05b7fd0c52484a929e2bf","sha256":"96c87b1597aed754e0ad45970883774e851a390788e7fba7b3f49f8d1f6e5a6b","sha512":"adaa5512b1e13388d132fd7547b1ce445225427303eb862250652929d234c85840a10362d1ec27bb174a3dc0ff4e0f7dcf5cf5d19948868649efb0dda0889ceb","ssdeep":"384:mlt9Nktm3jM9PIfObCEOPWOYv7ULd2saXhIOJp2wTzd/1:Q9SqjMSOb5LeYVr33H","tlshash":"6a72bf27844c2ddede8d5ebc8eb0d8f05617ab65c60047acbd076b4c9aca17385d6d08","first_seen":"2025-09-07T18:31:49.725047Z","last_seen":"2026-04-19T08:08:55.240566Z","times_seen":58,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:07.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://krnl.cat/checkpoint/ios/getkey\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript\r\nexpires: Sat, 13 Sep 2025 03:15:07 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XndQ3A0terPJP72vXgKcE8Q2fwhNKFuIDM%2FxforSrDWEQRhqYJeIFEk791vPU%2BB5%2FLe529QTpbJbQBWJ5ZFrG%2F76rjRORDki\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncf-ray: 97e434234c21b1b8-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12331)","md5":"88a769d2fe35899fd45a332a0a032cc0","sha1":"514c6c1d8475d17e412849a4c90159517d0fa10a","sha256":"ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142","sha512":"756cc5cd029fc4adc9100d0da2f2b0efb3df0f2bf894fba2824019832fea594edd40a238a5ffacc205572cc0155f5632d70f54e37edc0772460f44c69cb76ab8","ssdeep":"192:3dArCS2Z+j/yQ9TCQxUhW2DPY808LE676SbHDc/7uN0VZG05w:NHSG+j/y2xa3bn7Q+0a0O","tlshash":"7442b79c7e95ba30079b91b1a17ff30f6276605a640bc0a0b05ddcd1a878d8d192bf75","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-22T16:11:22.449448Z","times_seen":99324,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/s?2H7lKsgw","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T02:27:16.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loot-link.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:29:EE:C8:55:1A:0D:B4:EC:B8:40:2C:83:64:56:BA:0A:3A:6D:87","sha256":"57:1B:D3:2E:DE:00:9D:E6:B9:5C:D0:44:4C:67:D9:7F:05:9C:9F:6D:54:F5:E2:C3:E3:5F:1D:AC:26:0D:CD:35"}}},"request":{"raw":"GET /s?2H7lKsgw HTTP/1.1\r\nHost: loot-link.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ndate: Sat, 13 Sep 2025 02:27:17 GMT\r\nvary: accept-encoding\r\nserver: openresty/1.21.4.1\r\naccess-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-methods: POST, GET, OPTIONS, HEAD\r\naccess-control-allow-credentials: true\r\ncache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nsurrogate-control: no-store\r\ncontent-encoding: gzip\r\netag: W/\"7da6aa3f-5ef5-4d12-8084-5f96e4fe50a3\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: y_spvliSpYsD1JBBJ57gqiNBqGurKCkqgwXQj1RY_i43UnKCuf2ZTw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":22300,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3884)","md5":"91870512d4e3e2902df3b011c7ebd567","sha1":"a23b23f2691d4d9e54a13ca3b18094421bf6f926","sha256":"cd8a5e3c48e65910660c3233351e5032e0febf9a0b9bebfeea57ae1f5431bd1c","sha512":"1ae21262b77611756f20ff88252c823bcda8794c37be1e9407447c00e1d8d2b5b30faa5f93c5bc332d660a2ea3e755105baf3016507d3f9e910fbd1f9a17460f","ssdeep":"384:nBg8zYGKXROJjmmX5II4gHRCR4/qMd202VQxk7HL1IeuP1+8O:nBTkGKXRO9m72p3AT7HhIFPW","tlshash":"96a20793056612daab1535a2d79b34c89b88e483efc24e8af8bd0d18cf5b74d375274c","first_seen":"2025-09-13T02:27:32.273738Z","last_seen":"2025-09-13T02:27:32.273738Z","times_seen":1,"resource_available":false,"data":null}},"time_used":946,"timings":{"blocked":231,"dns":53,"connect":1,"send":0,"wait":484,"receive":0,"ssl":175},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dgaf2ncy4dtan.cloudfront.net/?tid=1152205\u0026params_only=1","fqdn":"dgaf2ncy4dtan.cloudfront.net","domain":"dgaf2ncy4dtan.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.245.43","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:18.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /?tid=1152205\u0026params_only=1 HTTP/1.1\r\nHost: dgaf2ncy4dtan.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://loot-link.com/\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 339\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://loot-link.com\r\ncache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform\r\ncontent-encoding: gzip\r\npragma: no-cache\r\ndate: Sat, 13 Sep 2025 02:27:18 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: rzHGauPKU-v0nWMvcmljUF4taI7ajmUgJ6A3axy-_ld6DyGrIo0h3Q==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":593,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (593), with no line terminators","md5":"7970a82240910043081684b752e526a6","sha1":"b6dcea7010f63cdb5af309e7ed10c2ff69cd3d68","sha256":"5d06546dafacef6dce60b12b5e3b6552e04d52db5efdfff9bf8a86c0f33283e3","sha512":"9688e917930145b06b0a038bdc13e9958db66bcb9ae776ffc4bca39a86a767912636546e7a7c91bb7165ff45d1944c7f92a45e2a9c373f18546f57030239be77","ssdeep":"","tlshash":"a0f04626c648472ecbd6012ad72754465238a8e7c408501fca093e9cd330eea3691ece","first_seen":"2025-09-13T02:27:32.275524Z","last_seen":"2025-09-13T02:28:52.073994Z","times_seen":2,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":11,"dns":22,"connect":1,"send":0,"wait":164,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/cdn-cgi/rum?","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:11.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://krnl.cat/checkpoint/ios/getkey\r\ncontent-type: application/json\r\nContent-Length: 1414\r\nOrigin: https://krnl.cat\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://krnl.cat\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YQwL0320HH7orY6SSCZj94sySQwAk%2BT3X2EZnNbvbcEzG3ekStzZ3XrbV2tjxe844WmlptRsma6saAB5bnDpyNQMEouF%2BjWt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sat, 13 Sep 2025 02:27:11 GMT\r\nserver: cloudflare\r\ncf-ray: 97e4343e7ce5b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/play/v21/6aez4K2oVqwIvtU2Hw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:18.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 08:41:01 GMT","end":"Mon, 17 Nov 2025 08:41:00 GMT"},"fingerprint":{"sha1":"41:D2:08:38:86:84:32:C2:76:B6:A0:7C:F7:02:4C:C5:55:4E:2F:1E","sha256":"A5:34:21:73:D5:FC:24:AF:0D:8A:56:A2:A7:5C:BD:41:46:45:3B:DE:78:A3:6B:67:9C:80:C8:44:02:A9:12:D0"}}},"request":{"raw":"GET /s/play/v21/6aez4K2oVqwIvtU2Hw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 10 Sep 2025 17:20:33 GMT\r\nexpires: Thu, 10 Sep 2026 17:20:33 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:58:19 GMT\r\ncontent-type: font/woff2\r\nage: 205605\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18128, version 1.0","md5":"3ed6c0946ff584a90850e13ab42305eb","sha1":"e99ed206e2c7241fa3823c5dfe81b0aab45c4ed7","sha256":"a8824b32c20407f3e05b353ffe9b606670ff4fe88574afcbee6b02e31eab7fc6","sha512":"9e20013b63d609652d9c3e8aac93cc0c4762c89bb1ef2f4b8e38252a83e1233697a474df37e46a9d22b975ac2a58646baf832514283391bb74963087f6319e3f","ssdeep":"384:CiR0I9jEmgp6aFp5oTwXplvOgNCxtRdyYRjl0:CieIQ2TaZOgNYHdy00","tlshash":"ca82d1b1b824a5f1ec0c4dd89096415b6d91fc2c6e0dbbc9a071691cbb21afd26cf4dd","first_seen":"2025-06-03T13:49:57.162731Z","last_seen":"2026-04-22T11:49:39.146332Z","times_seen":1209,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":73,"dns":3,"connect":7,"send":0,"wait":8,"receive":3,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.unlockr.app/pixel?event=unlockrPromote\u0026session_id=341881937566803986","fqdn":"app.unlockr.app","domain":"unlockr.app","tld":"app"},"ip":{"addr":"172.67.188.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unlockr.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 24 Aug 2025 18:30:22 GMT","end":"Sat, 22 Nov 2025 19:28:50 GMT"},"fingerprint":{"sha1":"D5:DC:01:45:BA:A1:86:EA:E4:ED:9F:47:A7:18:DB:C2:FB:CA:DB:07","sha256":"D2:67:EF:28:F7:68:F9:EE:B4:5C:C7:69:37:BC:2D:E1:AC:0E:D6:67:51:9C:A9:B0:01:45:2B:6C:5D:92:62:EE"}}},"request":{"raw":"POST /pixel?event=unlockrPromote\u0026session_id=341881937566803986 HTTP/1.1\r\nHost: app.unlockr.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Sep 2025 02:27:20 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccess-control-allow-origin: https://loot-link.com\r\naccess-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-methods: POST, GET, OPTIONS, HEAD\r\naccess-control-allow-credentials: true\r\ncache-control: no-store\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B2F%2BliYSisbb7NenIf6Yntm15Qtv402wc6hKIRK0hyUkXhW2%2F9dt%2FQrLfhvBVX%2B7p%2FbjhSIm%2F1H8OODdklj8pE4eNdUNrbrxvwvlUFY%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 97e43472ef1cb51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":329,"timings":{"blocked":38,"dns":22,"connect":1,"send":0,"wait":250,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/getkey","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T02:27:07.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"GET /checkpoint/ios/getkey HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: br\r\nx-powered-by: Express\r\ncache-control: no-cache\r\nset-cookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; Max-Age=3515460854; Path=/; Expires=Wed, 06 Feb 2137 07:21:21 GMT; Secure\n_hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo; Max-Age=18000; Path=/; Expires=Sat, 13 Sep 2025 07:27:07 GMT; Secure\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=9KQ7EWdM0renOHVrexc%2BNB%2F1aygyFOEb0yeGP6s%2BWWI%2FZRJB4KFLq7SaWILZ8rog9pVyUFBs%2FB24rR7cNw6aX65CgBShBBc6aIEaBIJqZsoqgKbb1by0cXEQLA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\ncf-ray: 97e43421794656a2-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfOrigin;dur=91,cfEdge;dur=12, cfL4;desc=\"?proto=TCP\u0026rtt=4666\u0026min_rtt=422\u0026rtt_var=8291\u0026sent=10\u0026recv=14\u0026lost=0\u0026retrans=0\u0026sent_bytes=4600\u0026recv_bytes=1723\u0026delivery_rate=6652373\u0026cwnd=256\u0026unsent_bytes=0\u0026cid=4fc18fd7bf6582a4\u0026ts=254\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":13778,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (8132), with CRLF, LF line terminators","md5":"c30a20e78bf4eb7b654a1d76183e0592","sha1":"cc100766ea7ef0c0c78eee4418ed090e2568d0f1","sha256":"cdefe18df9df8803a7c84f71dc7025b1c065fa9f99a778d12042e55e7dc40889","sha512":"d80a960c6d3e5b4a14e593560842924c162484a0208ab1104e82a580bf00a558a0c7cb67681d17ebe71e1d4490cee298475d102b839a0f07a54cdf1f25e29940","ssdeep":"192:iM+7tDDiGYjQGr00N0DscXTL4vm4hBKpL3Bf86k713u9GHoVcNGsv0v2v893Q9Ut:iM+pPinjQb/0DBKl3Bf8g9GYNTxXT","tlshash":"50527df2785dd22782e2028f9132a28dfd7ec173d21934d7b1c9a81635d5ef99e63806","first_seen":"2025-09-13T02:27:32.27747Z","last_seen":"2025-09-13T02:27:32.27747Z","times_seen":1,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/css/imgs/keysys-bg.png","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:07.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"GET /css/imgs/keysys-bg.png HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://krnl.cat/css/keysys-styles.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncontent-type: image/png\r\ncontent-length: 8069359\r\nlast-modified: Tue, 11 Feb 2025 01:54:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67aaaddb-7b20ef\"\r\nexpires: Sat, 13 Sep 2025 11:22:18 GMT\r\ncache-control: public, max-age=86400\r\naccept-ranges: bytes\r\nage: 54289\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9wE1Am05ScwoiAafROMz5d6TBHVpKa1SXrnsXenEjOGPiuOXr7DXUg2VwAhBvXvY0XyO%2BQWu5RQc6XwHl7A6WbriBVtC%2FDAo\"}]}\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 97e434237c22b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8069359,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3840 x 2160, 8-bit/color RGBA, non-interlaced","md5":"cd2fcb6f091327d81101b811ba040062","sha1":"1a012f5aab8689c374a145027bba2ed9fe1ac176","sha256":"c273250104fcd7032b8bb77b9d6d0ff3a7aaaab18d6709783ff563b7347e431c","sha512":"9a70eacd7eaf0595822b03f6a921fce2c5c436b8d9637d2cd35ade1ee13477bc1616dd72ee12d89beb4accf35dc091d8cb58dda3692222caea09499ef19c6654","ssdeep":"24576:KpNS/d1HKWDv/0L/EvG6T+LAHoyVUHpC28F82hpJXnr5b5:BiWDv/IoGarIiMkFH/nr5t","tlshash":"77252326f3be7500932338c3cee179e6c1e9b85f4f6c18772829a12093699fd8559763","first_seen":"2025-09-13T02:27:32.279658Z","last_seen":"2025-09-13T02:28:52.081347Z","times_seen":2,"resource_available":false,"data":null}},"time_used":817,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":812,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/favicon.ico","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:07.595Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://krnl.cat/checkpoint/ios/getkey\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncontent-type: text/html\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: br\r\ncache-control: max-age=3600\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gMI3LY60hppvj%2B34XsTa7631Zo47CPNciBMBkEMisodbDEnd6PWRi%2F6eXqHKmCMPYqlGWAvfkHT2UvMaUfRLkOUoUup9KSxk\"}]}\r\nvary: accept-encoding\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncf-ray: 97e434247c28b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-22T15:47:59.224324Z","times_seen":20500,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":658,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 10:31:15 GMT","end":"Sun, 23 Nov 2025 11:31:12 GMT"},"fingerprint":{"sha1":"77:EF:87:8D:9A:D6:8C:EF:F9:8F:05:89:BF:F2:6B:C2:CF:78:19:EF","sha256":"3C:23:A9:CF:90:2C:6B:74:27:D0:FC:3B:92:A8:A9:AD:66:5F:B0:D4:DE:28:80:4D:49:D0:4C:22:AE:D2:F3:90"}}},"request":{"raw":"GET /@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://loot-link.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Sep 2025 02:27:20 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-encoding: gzip\r\ncf-ray: 97e434730b5756c9-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 1369687\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 13 Sep 2026 02:27:20 GMT\r\nlast-modified: Tue, 15 Jul 2025 19:57:29 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncontent-digest: sha256=:s5bGhH+Rb5OzU93ckkWwVq2QDRFc+1ieeQm6mW6vcK8=:\r\ncross-origin-resource-policy: cross-origin\r\nfly-request-id: 01K07TKSQNP6VC4Y41E380FF4N-ord\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":383981,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (27447)","md5":"bc1ccb003c8dbdb1f75efa1fd38362bf","sha1":"8ae598f92b85ef618e90e0129d57fb94c8f6c3b8","sha256":"b396c6847f916f93b353dddc9245b056ad900d115cfb589e7909ba996eaf70af","sha512":"da7392435a35a21260083593ad27b6b451b8094f21bab08644ea542a8a2980f1d3da6516cb59a02de776d667f695ef27f60676737ba3387ba25e58af02762f4d","ssdeep":"6144:a4oQYPIDD5g3/btDQ3PSIoPabTzf/W8tpgsQ5cDo4Dd:SPI3+Ch+p5c35","tlshash":"478418597254743905c54069803f090bf636392e246ac09cb76cf4efa9bde8d32beb79","first_seen":"2024-11-04T13:40:42.622928Z","last_seen":"2026-04-22T15:05:41.760976Z","times_seen":3715,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/favicon.ico","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:18.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loot-link.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:29:EE:C8:55:1A:0D:B4:EC:B8:40:2C:83:64:56:BA:0A:3A:6D:87","sha256":"57:1B:D3:2E:DE:00:9D:E6:B9:5C:D0:44:4C:67:D9:7F:05:9C:9F:6D:54:F5:E2:C3:E3:5F:1D:AC:26:0D:CD:35"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: loot-link.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/s?2H7lKsgw\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ncontent-length: 159\r\ndate: Sat, 13 Sep 2025 02:27:19 GMT\r\nserver: openresty/1.21.4.1\r\nx-cache: Error from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: vKStraWXnQbI3chBK5HnzzSBc2JAneIsYJ78sFuP8nbt4ksyQseOPQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"707a6bf80b2aae914a3475cb829e534b","sha1":"2e70d81cf7a8b2c2bf66521e720969d1e92f3819","sha256":"20703cc00e86bed52bb9af00fac1cbd8c3dc16c2866b7251288325f1501c8755","sha512":"b533b0cfccaa31c1c36c2474b68c0fbd45ca74225d8fa19ecab66d024c302a615f5829c7bd5a23384f203dd5cfcb2f364581d7a5ca13267c4bf84aeb8b3b7797","ssdeep":"","tlshash":"83c08c2d2423ac0c8663207626c36190c18a8327e56a41118540805730cf1998ac33aa","first_seen":"2023-04-07T07:46:27Z","last_seen":"2026-04-17T18:40:00.989068Z","times_seen":1112,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fingerprinting36542.s3.us-east-1.amazonaws.com/fingerprint.js","fqdn":"fingerprinting36542.s3.us-east-1.amazonaws.com","domain":"s3.us-east-1.amazonaws.com","tld":"us-east-1.amazonaws.com"},"ip":{"addr":"52.216.33.122","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:19.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 20 Jul 2025 00:00:00 GMT","end":"Thu, 25 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"16:D2:7A:E0:6B:B2:6D:C0:8F:8C:4E:E5:2B:1F:47:F3:EF:60:7F:68","sha256":"EF:42:24:62:84:5D:EF:F9:AE:18:7F:85:D7:C7:56:73:2D:8B:30:D2:CD:83:77:3B:45:EF:24:B2:93:43:99:33"}}},"request":{"raw":"GET /fingerprint.js HTTP/1.1\r\nHost: fingerprinting36542.s3.us-east-1.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: lA3ZxZt/Not5zTVROJGSWJW20vE6a1N9U2eneJgbUosNx0txsaLIYNuRDBg6jN8c1iFKnjE7pwA=\r\nx-amz-request-id: T1X4Q7ET3WCS64TQ\r\nDate: Sat, 13 Sep 2025 02:27:20 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, PUT, POST, DELETE\r\nVary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\nLast-Modified: Mon, 09 Dec 2024 12:08:59 GMT\r\nETag: \"9ac06ba71cc5803c7515b3e8c3a2854d\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nContent-Type: application/javascript\r\nContent-Length: 38143\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":38143,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38136), with no line terminators","md5":"9ac06ba71cc5803c7515b3e8c3a2854d","sha1":"03ba918aad85dda720c6f46267eb4fba9103aac3","sha256":"6cf24eed847d975853348f50d95b192ac37a4c49e96d8888af6dd2e15631a1fd","sha512":"8db044466454b70e2dcf368078e845163e714e68e5405fc5d3cb9202737c7e3f9696a1f231d1ba0b8ace9dc46712035eab112c3ef3f728be64644cffd587b0e7","ssdeep":"384:2xcDKdRZKREaMRMBp5iKQID95wH3KqwzrWmKj5+pCqNFaiE8E0QIQfJWbkhGYKon:x3RBp5Kjnc9NwlJWbhSu+AW","tlshash":"300306d8b2c3b06e227368b5457f6006b23a7d50346d8842c523e5d57ca9e6e913bfbc","first_seen":"2024-12-09T20:50:59.331644Z","last_seen":"2026-04-20T22:55:47.117996Z","times_seen":905,"resource_available":true,"data":null}},"time_used":665,"timings":{"blocked":223,"dns":8,"connect":94,"send":0,"wait":123,"receive":95,"ssl":118},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nerventualken.com/tc","fqdn":"nerventualken.com","domain":"nerventualken.com","tld":"com"},"ip":{"addr":"172.67.197.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:19.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nerventualken.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 23 Jul 2025 08:56:48 GMT","end":"Tue, 21 Oct 2025 09:55:30 GMT"},"fingerprint":{"sha1":"94:A3:33:81:E7:7B:7D:CE:9B:E1:64:90:F3:93:66:5C:60:46:F2:1F","sha256":"7C:49:76:39:86:64:5B:5E:01:41:9E:12:41:C4:6A:9B:B6:29:4B:0E:30:28:CB:BB:59:40:4F:64:1A:71:35:7D"}}},"request":{"raw":"OPTIONS /tc HTTP/1.1\r\nHost: nerventualken.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://loot-link.com/\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Sep 2025 02:27:19 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccess-control-allow-origin: https://loot-link.com\r\naccess-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-methods: POST, GET, OPTIONS, HEAD\r\naccess-control-allow-credentials: true\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YTlonXfNQZcRRO9wLQGdNJ89qhZIvgWmjn0QWu%2FiNu5bMpg01Pphoaa36R7ITUnhY0nDYyT9dvb40qpbDB1WfoYYTwoydvoCt%2FhawWMw8Q%3D%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: ci=554099709233134; SameSite=None; Secure; Max-Age=86400\r\ncf-ray: 97e4346cbcda7130-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":371,"timings":{"blocked":37,"dns":6,"connect":5,"send":0,"wait":293,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:07.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 24 Aug 2025 02:39:12 GMT","end":"Sat, 22 Nov 2025 03:39:06 GMT"},"fingerprint":{"sha1":"B4:6C:D2:16:CA:52:EE:BD:22:D7:B4:2C:64:FF:A5:EF:67:D8:E1:F8","sha256":"FF:3A:23:84:D6:B2:73:DF:50:6E:1A:45:A4:AB:03:37:0B:C4:4A:8E:82:12:99:10:80:A2:F7:FC:71:E3:BA:1D"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://krnl.cat\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 97e434237f3756bf-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-22T16:08:17.28205Z","times_seen":333302,"resource_available":true,"data":null}},"time_used":64,"timings":{"blocked":21,"dns":1,"connect":1,"send":0,"wait":18,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/12.js","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:17.614Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loot-link.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:29:EE:C8:55:1A:0D:B4:EC:B8:40:2C:83:64:56:BA:0A:3A:6D:87","sha256":"57:1B:D3:2E:DE:00:9D:E6:B9:5C:D0:44:4C:67:D9:7F:05:9C:9F:6D:54:F5:E2:C3:E3:5F:1D:AC:26:0D:CD:35"}}},"request":{"raw":"GET /12.js HTTP/1.1\r\nHost: loot-link.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/s?2H7lKsgw\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sat, 13 Sep 2025 02:27:17 GMT\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\nserver: openresty/1.21.4.1\r\nlast-modified: Fri, 12 Sep 2025 07:00:01 GMT\r\netag: W/\"68c3c4f1-2a094\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: EuqQOeOe_R7FLt5TLD4qAjX6E38yvSoWWZHqP1E5A88-L-NnKYUOog==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":172180,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5f159c1513c489bbcaa26cedd050dd61","sha1":"78b249b4a7f5d1b4bcb54f4b8b14720af65262d7","sha256":"94001143badb4d8788a497b41397de11702c6a330daae66f6f256db6b328f8eb","sha512":"0f1c871642c86fdebe3c35ae81374defd223a8dabedc1a9c269e1e50d7f08ed719ade05f4dd6e4988f9ba332b7a8e61e7b68b62d23f1c93926a14de843df1aef","ssdeep":"1536:pvUwFwqqsGvWfqhUUPB1+OLATvEECx3d4VdFosx:JBqs8WA9PB9AdFoy","tlshash":"8ef37770f34cac5e6286c9e3212d94adc122e94fed705ed49745e8ecfc85d46b8a893c","first_seen":"2025-09-07T18:31:49.746468Z","last_seen":"2025-09-13T02:28:52.070237Z","times_seen":4,"resource_available":true,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-09-13","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"loot-link.com/12.js","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/play/v21/6ae84K2oVqwItm4TCpAy2g.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:18.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 08:41:01 GMT","end":"Mon, 17 Nov 2025 08:41:00 GMT"},"fingerprint":{"sha1":"41:D2:08:38:86:84:32:C2:76:B6:A0:7C:F7:02:4C:C5:55:4E:2F:1E","sha256":"A5:34:21:73:D5:FC:24:AF:0D:8A:56:A2:A7:5C:BD:41:46:45:3B:DE:78:A3:6B:67:9C:80:C8:44:02:A9:12:D0"}}},"request":{"raw":"GET /s/play/v21/6ae84K2oVqwItm4TCpAy2g.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18156\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 10 Sep 2025 17:20:33 GMT\r\nexpires: Thu, 10 Sep 2026 17:20:33 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 19:04:00 GMT\r\ncontent-type: font/woff2\r\nage: 205605\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18156,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18156, version 1.0","md5":"aad808c85ec3c88ca213ac1cb5f02d03","sha1":"c95ec71ed1a088fced4797a512cd2cba9790a27f","sha256":"d539e6e7c0240f1565b1156395d914d93200b2c3ba312809813bb6ca6f96578b","sha512":"782a500a5f5ecf9b3f54a62186353227e1209affaf470dc285c88a4a910dd27b0a74fc8ed1a9b63c1e8602c9fddc37c94b00fe2fd8e384f8fb93432968ed33c1","ssdeep":"384:PFjxIjX2LTtwL4HrZ9UxmdNzZCBV8KMD1au:9iiHtwLAZKqeV8KW1d","tlshash":"b682d08042f203d6f9a4b2366de73469863755a4aa948edc3fb07872f0562f45306fb7","first_seen":"2025-06-03T16:05:08.724808Z","last_seen":"2026-04-22T11:49:39.142307Z","times_seen":966,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"142.250.178.98","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:19.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.g.doubleclick.net","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 08:39:46 GMT","end":"Mon, 17 Nov 2025 08:39:45 GMT"},"fingerprint":{"sha1":"D2:1A:B6:E1:3F:C4:75:D6:37:50:6B:81:A2:6D:9A:5B:5A:4F:77:5B","sha256":"5C:D1:79:EA:7B:87:AC:65:B1:8A:14:DA:81:BD:07:B2:36:8B:08:E7:26:8D:D2:92:EC:EF:A1:CB:D7:91:E1:46"}}},"request":{"raw":"GET /pagead/js/adsbygoogle.js HTTP/1.1\r\nHost: pagead2.googlesyndication.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://loot-link.com/\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nlink: \u003chttps://googleads.g.doubleclick.net\u003e; rel=\"preconnect\"; crossorigin\r\nvary: Accept-Encoding\r\ndate: Sat, 13 Sep 2025 02:27:19 GMT\r\nexpires: Sat, 13 Sep 2025 02:27:19 GMT\r\ncache-control: private, max-age=3600, stale-while-revalidate=3600\r\ncontent-type: text/javascript; charset=UTF-8\r\netag: 13342685089479928214\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\nserver: cafe\r\ncontent-length: 54390\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":160739,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4830)","md5":"6d5800fcafa4802a170251f0ca56fc97","sha1":"f65833d016ef58d9c8c3c97963a4b6770e6cdb56","sha256":"001ae86348aab35d94ab79fcbfd4195596ad7b701643c9319c17b296316598b6","sha512":"117ea9cd3b15dd6abcccebfc1d7e6e37759e7bb8caf73dfbd31523eee6394c5cf8f8a880ead971b37c759ceb0fc36ebd68834e22a74c123a41bb9a00933e2035","ssdeep":"3072:Sy4Keb5/AUT+ecwACJUSNYFQ6Vxnr2q7XtTZElQ5wAMyhyxCCBkqHCXRl+MHA/BB:Sy4KKyUTrcwACJUSNSbVxnr2eXtTZEqQ","tlshash":"78f309d971a2bcb38b6399e5006f0107b52da863f00cc8b0f1d8ded97a249655277fad","first_seen":"2025-09-13T02:27:32.293723Z","last_seen":"2025-09-13T02:27:32.293723Z","times_seen":1,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":118,"dns":3,"connect":15,"send":0,"wait":46,"receive":24,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nerventualken.com/tc","fqdn":"nerventualken.com","domain":"nerventualken.com","tld":"com"},"ip":{"addr":"172.67.197.84","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:19.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nerventualken.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 23 Jul 2025 08:56:48 GMT","end":"Tue, 21 Oct 2025 09:55:30 GMT"},"fingerprint":{"sha1":"94:A3:33:81:E7:7B:7D:CE:9B:E1:64:90:F3:93:66:5C:60:46:F2:1F","sha256":"7C:49:76:39:86:64:5B:5E:01:41:9E:12:41:C4:6A:9B:B6:29:4B:0E:30:28:CB:BB:59:40:4F:64:1A:71:35:7D"}}},"request":{"raw":"POST /tc HTTP/1.1\r\nHost: nerventualken.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://loot-link.com/\r\nContent-Type: application/json\r\nContent-Length: 703\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 13 Sep 2025 02:27:20 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccess-control-allow-origin: https://loot-link.com\r\naccess-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-methods: POST, GET, OPTIONS, HEAD\r\naccess-control-allow-credentials: true\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FkQB8jHjT8%2Bl3GIb4uN2GIqMMqE4Ya%2FnHZJVXDB%2Fpz9ymvI%2B5xw5l89resCqDJbDfyFRVgOWnJIHKxe64fT8hsN8l1eHURmAaF6fmKYwHVsD\"}]}\r\ncontent-encoding: br\r\nset-cookie: ci=947867879297036; SameSite=None; Secure; Max-Age=86400\r\ncf-ray: 97e4346edf9532fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":595,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"88e3fc5899443a00ed6aa199bffb0935","sha1":"68e268f300c3f661ad9acefbd064b552c9e212b2","sha256":"3f371c346990e27e1a1036db197c7f7d025ffa945aa110b9e49d4e7ec861f818","sha512":"2de55b98b8b1c811f138cd29ebf74b67f16845a3fe13ca509a031a18b330c674c79ca460692f307ae94e26d7103daefdd3689757d8f9457dc5859f1893d52af5","ssdeep":"","tlshash":"57f0e17ba97d08a36fd14170c6513b1c7a24612c1ba48678f450c84d4a9efeaa18dd6e","first_seen":"2025-09-13T02:27:32.295164Z","last_seen":"2025-09-13T02:27:32.295164Z","times_seen":1,"resource_available":false,"data":null}},"time_used":965,"timings":{"blocked":-1,"dns":8,"connect":1,"send":0,"wait":583,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.0.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 10:31:15 GMT","end":"Sun, 23 Nov 2025 11:31:12 GMT"},"fingerprint":{"sha1":"77:EF:87:8D:9A:D6:8C:EF:F9:8F:05:89:BF:F2:6B:C2:CF:78:19:EF","sha256":"3C:23:A9:CF:90:2C:6B:74:27:D0:FC:3B:92:A8:A9:AD:66:5F:B0:D4:DE:28:80:4D:49:D0:4C:22:AE:D2:F3:90"}}},"request":{"raw":"GET /@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 13 Sep 2025 02:27:20 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 71\r\ncf-ray: 97e43472bb4c56c9-OSL\r\nlocation: /@lottiefiles/lottie-player@2.0.12/dist/lottie-player.js\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=60, s-maxage=300\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":383981,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":21,"dns":4,"connect":1,"send":0,"wait":30,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/qr.png","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loot-link.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:29:EE:C8:55:1A:0D:B4:EC:B8:40:2C:83:64:56:BA:0A:3A:6D:87","sha256":"57:1B:D3:2E:DE:00:9D:E6:B9:5C:D0:44:4C:67:D9:7F:05:9C:9F:6D:54:F5:E2:C3:E3:5F:1D:AC:26:0D:CD:35"}}},"request":{"raw":"GET /qr.png HTTP/1.1\r\nHost: loot-link.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/s?2H7lKsgw\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 7224\r\ndate: Sat, 13 Sep 2025 02:27:20 GMT\r\naccept-ranges: bytes\r\nserver: openresty/1.21.4.1\r\nlast-modified: Fri, 12 Sep 2025 07:00:01 GMT\r\netag: \"68c3c4f1-1c38\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 1ie86LOyGrQVc9PIZ4ewEBpsOk_-GU-knFcOwnfnz2SHAon8QPHubQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7224,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1160 x 1160, 8-bit/color RGB, non-interlaced","md5":"a93ba4860dc42551669d1c44999d6219","sha1":"f42f4d71fa233d571ec60e8998b15772eedf9b6c","sha256":"bdd20de2c3c9af1e3df3ac71b2a52de1704c06e3bf2885db0a48423380f559cb","sha512":"c39361ebaf0aa3c799b0f2fa62acbaf5e779f19b19042c61c27bb7703d2c10bd11034755fb07a6bcff4035f690d65c51367cfb4dc5d1b0d12e4473ecdddd819b","ssdeep":"192:y5iSWmbbbbbbbbbbbbbbbbbbVbbbbbbbbbbbbbbbbbbZhpbbbbbbbbbbbbbbbbbL:y3WGB","tlshash":"e4e1b91d05510a2c6edeafeb89c544c8bed5e247c9f97b63e31a1868e40143cad6edb0","first_seen":"2025-03-20T23:46:21.232783Z","last_seen":"2026-04-12T16:53:30.523804Z","times_seen":591,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/checkpoint/ios/v1?hwid=1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-13T02:27:06.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"GET /checkpoint/ios/v1?hwid=1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585 HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 13 Sep 2025 02:27:07 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncf-ray: 97e43420a92256a2-OSL\r\nx-powered-by: Express\r\ncache-control: no-cache\r\nset-cookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; Max-Age=3515460854; Path=/; Expires=Wed, 06 Feb 2137 07:21:21 GMT; Secure\n_hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo; Max-Age=18000; Path=/; Expires=Sat, 13 Sep 2025 07:27:07 GMT; Secure\r\nlocation: /checkpoint/ios/getkey\r\nvary: Accept\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=c%2BPzau%2FdHntkDOvnGhPwhCXGyqT5Bg0Hz%2FC0UavEsO5SzPs3yolpGbfbRNiTNOVImHSpptUgc4mnAjjOrVNKqEpSaLKavYdYzu3PedxeonlTBP%2BFKLlYe11flA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfOrigin;dur=97,cfEdge;dur=19, cfL4;desc=\"?proto=TCP\u0026rtt=5899\u0026min_rtt=422\u0026rtt_var=10937\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3265\u0026recv_bytes=1337\u0026delivery_rate=6652373\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=4fc18fd7bf6582a4\u0026ts=137\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13778,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":172,"timings":{"blocked":26,"dns":5,"connect":1,"send":0,"wait":118,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"krnl.cat/cdn-cgi/rum?","fqdn":"krnl.cat","domain":"krnl.cat","tld":"cat"},"ip":{"addr":"104.21.13.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://krnl.cat/checkpoint/ios/getkey","date":"2025-09-13T02:27:17.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"krnl.cat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 12 Sep 2025 07:27:21 GMT","end":"Thu, 11 Dec 2025 08:25:51 GMT"},"fingerprint":{"sha1":"4E:44:C0:2E:F9:C1:F2:9A:0D:A3:9F:D3:71:15:E3:3F:84:7B:07:19","sha256":"A8:C1:34:8B:D4:E9:83:55:DD:A6:03:85:58:DD:FA:BA:80:F6:A4:55:F3:8E:5E:08:A0:90:6C:E0:C4:5E:A4:7E"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: krnl.cat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://krnl.cat/checkpoint/ios/getkey\r\nContent-Type: application/json\r\nContent-Length: 1012\r\nOrigin: https://krnl.cat\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: token=s%3Aeec4528e2e7059e2a25faed288de87022e1a4c4b72710b8e71c087cce23b018556966a70dd8dbaa206897f2ac56b96b0aed95d13fe0cf8720043206c2d931d670e4de58cc6b4dee209e2415d6b0dd56f6d4df77ed5c17edbd35009539dba303b51ab2c81.J2vCVDiBQZomKaN0Nh3pO%2Bz6T6nXAqNdj7XVEbZjtJE; _hwid=s%3A1b83242585d384f54c36d246e198ac1fa52a17141094ca26e72ff690cda303ebfc6e285d1f5ee56f93d67960a5479585.wKvICON7f0%2F8%2Fxn2TiK0Y7ze1%2F3xgWdrrk8Gv0c05Oo\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://krnl.cat\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nexpect-ct: max-age=86400, enforce\r\nreferrer-policy: same-origin\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LHiqiD54AM%2BaHAkEbgWgA0aAdmkpIEP1t3ZRAM50hfrs2V74nIo4RPOf%2Bi0OVdOoS1LKHidpiJ09KeiDXjW%2FWnRk%2FhKKUpZB\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sat, 13 Sep 2025 02:27:17 GMT\r\nserver: cloudflare\r\ncf-ray: 97e43462ae58b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"loot-link.com/WrappedBotd.browser.protected.js","fqdn":"loot-link.com","domain":"loot-link.com","tld":"com"},"ip":{"addr":"54.240.174.64","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:17.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loot-link.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Thu, 13 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:29:EE:C8:55:1A:0D:B4:EC:B8:40:2C:83:64:56:BA:0A:3A:6D:87","sha256":"57:1B:D3:2E:DE:00:9D:E6:B9:5C:D0:44:4C:67:D9:7F:05:9C:9F:6D:54:F5:E2:C3:E3:5F:1D:AC:26:0D:CD:35"}}},"request":{"raw":"GET /WrappedBotd.browser.protected.js HTTP/1.1\r\nHost: loot-link.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/s?2H7lKsgw\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sat, 13 Sep 2025 02:27:17 GMT\r\ncontent-encoding: gzip\r\nvary: accept-encoding\r\nserver: openresty/1.21.4.1\r\nlast-modified: Fri, 12 Sep 2025 19:00:00 GMT\r\netag: W/\"68c46db0-1aaaf\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: COIBbSTxodF1HvsKkaNkB59FDMNWWzASttUx_VMQmL9di260S8XFJg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.1","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":109231,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"95888320adab6afba4a8e0c8f06e8361","sha1":"c04b231b41d57f1cc95e66e04d8f2631a4b10018","sha256":"8fda68ace483a03aa4362a8731fff5b2a37d85aab3de76801ab8e225b217b2df","sha512":"e3a17ad670f939f563fe6d1dc507ab5ba99f90a4b6bc94364fa2f56d5c5ca1a552b0dbb973a4f68f7694ca9a8bf1a3ff3bf28b0dc1f4bf2fc796deef5007bd82","ssdeep":"3072:9ISWWZitd7yfmAa0Zzg/N8OSv0TfuuC8a5MAVCGNs:YhlLqD0TmPMAVCSs","tlshash":"bab3d79462472c958392d1ff142fb285ac2d8e51bc8fdce1d651c3959c306c78afbba2","first_seen":"2025-07-01T16:50:14.740307Z","last_seen":"2026-04-20T22:55:47.111126Z","times_seen":614,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1wzdj81h1hubn.cloudfront.net/resources/733a385bcfcd91aa.png","fqdn":"d1wzdj81h1hubn.cloudfront.net","domain":"d1wzdj81h1hubn.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.245.83","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /resources/733a385bcfcd91aa.png HTTP/1.1\r\nHost: d1wzdj81h1hubn.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 23418\r\nlast-modified: Tue, 18 Feb 2025 23:39:27 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-publisher_id: 463938\r\nx-amz-meta-timestamp: 2025-02-12T14:14:17.471787\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 12 Sep 2025 08:05:10 GMT\r\netag: \"294548805ae55e80656c99a5b3ab149e\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: ImhI2WtPvjrhUh6txdmX2CbdTx7KsSnSQNOg3WpfPYj6vg2cTevxMg==\r\nage: 66131\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":23418,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"294548805ae55e80656c99a5b3ab149e","sha1":"b05abc15de1ac7c92b25d315de8920b7fb09c69a","sha256":"b9eda41a610bc1dd40a350336bf5238c9058748b3e1205a0d85c01b581fd7df2","sha512":"7f54adf7bc3450e3d0c24c5853e1da4a1a100b0e48c80c9580aeb9b51279841b8ee116aa382b82b8d3b624e63ff49b4f0c4d6b4fe5e602efd1f8fb3ff6a9a53f","ssdeep":"384:sjRZb0d4M5zFGCxDf856qZLLrdrOrBmYuGiCd8RJi8WPsQ7eLAe/s1I2DX9:sIp6gDUZLXBCmYoK+JifsQ70+t","tlshash":"1eb2bf40ec6f86cdd4cd3ab53b7a884663ee14b0e3c118435cab566745e3ad1a50fbb8","first_seen":"2025-06-09T23:30:02.590986Z","last_seen":"2025-09-13T02:28:52.076226Z","times_seen":8,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":29,"dns":33,"connect":1,"send":0,"wait":3,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1wzdj81h1hubn.cloudfront.net/icons/gamers.png","fqdn":"d1wzdj81h1hubn.cloudfront.net","domain":"d1wzdj81h1hubn.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.245.83","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:20.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /icons/gamers.png HTTP/1.1\r\nHost: d1wzdj81h1hubn.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3802\r\nlast-modified: Tue, 07 Feb 2023 09:32:38 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 12 Sep 2025 09:02:11 GMT\r\netag: \"079db7c66974eb54145d8d75c1cd5f3a\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: Rs1L78tnd4hHwYMsHUcLXa-0XjNBiBnUOb5BBiSSOQilByaqAs1I1A==\r\nage: 62710\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3802,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"079db7c66974eb54145d8d75c1cd5f3a","sha1":"05abe393507b06186bb6b920ae9a256373ce81e3","sha256":"3870dd760cdc4eb75b818f1021e6de5a1f0aeab5c9808d401cae885c0246bb00","sha512":"a3c62561e65fa8c27cf08a8adfbbb5739e95ccce2210159b78c6195e70bba7593e624b33334dd733dd3d8b29c838c8049b40877c0ed2897abee4222bba4db785","ssdeep":"","tlshash":"63715b5ee64314128525a4c864f24427124b112989f5e93eb9d5cee284321b9baf3bff","first_seen":"2024-08-20T14:20:07.052301Z","last_seen":"2025-12-14T15:47:32.848786Z","times_seen":8,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":21,"dns":31,"connect":1,"send":0,"wait":2,"receive":3,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"enaightdecipie.com/?event=task_clicked\u0026session_id=341881937566803986\u0026info=1","fqdn":"enaightdecipie.com","domain":"enaightdecipie.com","tld":"com"},"ip":{"addr":"172.67.219.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:21.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"enaightdecipie.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 07:27:13 GMT","end":"Fri, 07 Nov 2025 08:25:52 GMT"},"fingerprint":{"sha1":"ED:3F:41:ED:12:43:FC:87:73:70:DF:F0:BA:96:29:10:56:94:14:27","sha256":"65:38:77:BD:C1:BB:E6:A6:AA:91:E4:74:C1:74:58:92:48:FF:00:7F:44:82:DD:BD:A7:4E:D2:11:E5:61:90:61"}}},"request":{"raw":"POST /?event=task_clicked\u0026session_id=341881937566803986\u0026info=1 HTTP/1.1\r\nHost: enaightdecipie.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 13 Sep 2025 02:27:21 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yVAbuDiwE2dpUh7hKypuefuo5i%2Fc08qUB3rK8h1ghlGGkFrVQEqK4yJxHqt7sDX685nCwPzX20IuHGsPianOgi5u0n2FMfAywEnFCw2ZYqY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 97e4347d2d38b503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":39,"dns":7,"connect":1,"send":0,"wait":121,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Play:wght@400;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:17.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 08:41:02 GMT","end":"Mon, 17 Nov 2025 08:41:01 GMT"},"fingerprint":{"sha1":"ED:FC:A5:F2:F4:07:8E:0E:EA:C7:96:D8:BE:47:04:EE:34:72:47:E9","sha256":"42:1D:9B:CD:2D:EC:4C:72:94:02:2C:88:B5:FF:BC:A2:B8:35:1B:C6:E0:B5:97:71:DB:7D:5B:6A:FA:CA:C1:8A"}}},"request":{"raw":"GET /css2?family=Play:wght@400;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://loot-link.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 13 Sep 2025 02:27:17 GMT\r\ndate: Sat, 13 Sep 2025 02:27:17 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4192,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"adf2a11b39b09426410dc181032f74e4","sha1":"3e4063f1bb52fc90f41e5cedc3029b8fcb35974c","sha256":"6ab3c2f755a6fdf9c2b798ed7fc8f27007f12f720b50ad13317a28fa57b8020a","sha512":"61642ce161fda1b81ed4f3f348f06d92747f2936d930ea25e32b8f7f88d4291f94d328ad17c1da4afd8222ab4b7a4907bde81d1b294ddc6993e10e875df5ea94","ssdeep":"96:wOEacgOEaAFZlOEaY33OEa7AOEaJJc+uDOEadNTOpa7gOpaqFZlOpaC33OpadOpy:/cvXY3w7pxF7SAC3pfaY5","tlshash":"7781cad60066d810eb530cc223df7e329d5e6161b054c179affe18ccacead2a2361b0d","first_seen":"2025-09-11T09:59:06.566554Z","last_seen":"2026-04-22T14:19:43.573878Z","times_seen":384,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":111,"dns":1,"connect":15,"send":0,"wait":32,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"curyrentattrib.info/ptr?i=19910c52d70fb26","fqdn":"curyrentattrib.info","domain":"curyrentattrib.info","tld":"info"},"ip":{"addr":"54.240.174.118","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://loot-link.com/s?2H7lKsgw","date":"2025-09-13T02:27:21.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"curyrentattrib.info","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 29 Mar 2025 00:00:00 GMT","end":"Mon, 27 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"59:27:69:60:40:E5:09:5F:8D:43:42:6A:3E:C2:BE:5F:CA:CE:05:70","sha256":"5B:7D:78:B8:D8:5F:C7:CE:8E:BE:4C:C5:2B:D7:3E:F0:F7:6D:38:EF:0B:42:A4:57:BB:19:1E:00:29:E8:06:17"}}},"request":{"raw":"GET /ptr?i=19910c52d70fb26 HTTP/1.1\r\nHost: curyrentattrib.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://loot-link.com/\r\nOrigin: https://loot-link.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain\r\ncontent-length: 0\r\ndate: Sat, 13 Sep 2025 02:27:21 GMT\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nset-cookie: AWSALB=9Sl62Ld/1zruo4Lf9CcFTSc3qnq1GL2nondmaY9wXIlja3f6TSaAKB5/qYTLUAfE7ZZOGUQY4OSIC2weKHlE4wzn490l7Y/UlXoc6dgnhOGzWiAUpLTNJDWmcxld; Expires=Sat, 20 Sep 2025 02:27:21 GMT; Path=/\nAWSALBCORS=9Sl62Ld/1zruo4Lf9CcFTSc3qnq1GL2nondmaY9wXIlja3f6TSaAKB5/qYTLUAfE7ZZOGUQY4OSIC2weKHlE4wzn490l7Y/UlXoc6dgnhOGzWiAUpLTNJDWmcxld; Expires=Sat, 20 Sep 2025 02:27:21 GMT; Path=/; SameSite=None\r\nserver: openresty/1.17.8.2\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://loot-link.com\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: iBc1NF9paszu7H9MVXsbGxuGpsFfFfbhcEish-P921yB3-GDrnCxEw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T16:09:26.709379Z","times_seen":14066297,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":86,"dns":15,"connect":1,"send":0,"wait":104,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}