{"report_id":"dbfe6676-6cc3-4b05-adaf-406027acfd75","version":6,"status":"done","tags":[],"date":"2025-12-04T02:48:46Z","url":{"schema":"http","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"104.21.8.8","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"title":"Vídeos PornoXxx Dominicana \u0026 Peliculas Sexo XXX","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"104.21.8.8","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-08T02:48:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":27}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-04T02:48:26Z","timestamp":1764816506,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"ip_src":{"addr":"172.18.0.30","port":42170,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-12-04T02:48:26.172151+0000\",\"flow_id\":2155875854360695,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.30\",\"src_port\":42170,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-12-04T02:48:26.172151+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"css.xcss.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"css.xcss.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"www.displayvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"pawgleamed.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"pawgleamed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"pawgleamed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"displayvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat 
Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"protrafficinspector.com","ip":{"addr":"35.157.43.145","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-02T19:40:58.517983Z","alert_count":0,"request_count":3,"received_data":1154,"sent_data":1297,"comment":"","tags":null,"fingerprints":null},{"fqdn":"adsco.re","ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United 
States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":3069,"first_seen":"2017-04-03T03:11:30Z","last_seen":"2025-12-03T05:28:15.45571Z","alert_count":0,"request_count":1,"received_data":1793,"sent_data":457,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-30T22:14:19.793229Z","alert_count":0,"request_count":1,"received_data":11460,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xxxdominicano.com","ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-09-29","domain_rank":882323,"first_seen":"2023-09-29T16:34:42Z","last_seen":"2025-10-18T13:25:59.948641Z","alert_count":37,"request_count":37,"received_data":2692671,"sent_data":18886,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and 
Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Yoast SEO:26.5","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. 
Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-03T15:19:41.85936Z","alert_count":9,"request_count":3,"received_data":257868,"sent_data":1134,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"stats.wp.com","ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1997-03-28","domain_rank":22660,"first_seen":"2017-01-30T05:06:59Z","last_seen":"2025-11-30T22:41:10.508648Z","alert_count":0,"request_count":1,"received_data":4265,"sent_data":377,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"realizationnewestfangs.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-02T06:26:57.543488Z","last_seen":"2025-12-01T21:38:20.944308Z","alert_count":18,"request_count":6,"received_data":30499,"sent_data":6795,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-30T22:13:37.547558Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1104,"comment":"","tags":null,"fingerprints":null},{"fqdn":"css.xcss.me","ip":{"addr":"67.212.184.148","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United 
States","country_code":"US"},"domain_registered":"2025-09-02","domain_rank":0,"first_seen":"2025-11-09T10:28:47.853209Z","last_seen":"2025-11-30T13:57:36.085309Z","alert_count":2,"request_count":1,"received_data":3224,"sent_data":378,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.displayvertising.com","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2020-04-18","domain_rank":639069,"first_seen":"2020-04-29T17:59:02Z","last_seen":"2025-11-26T14:35:50.053576Z","alert_count":1,"request_count":1,"received_data":42503,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"6.adsco.re","ip":{"addr":"104.16.43.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":91627,"first_seen":"2018-01-15T04:15:29Z","last_seen":"2025-11-28T05:55:23.258022Z","alert_count":0,"request_count":2,"received_data":1003,"sent_data":795,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and 
distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"tm5r00enbwg8.n4.adsco.re","ip":{"addr":"38.132.109.126","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":463,"sent_data":409,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tm5r00enbwg8.s4.adsco.re","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":0,"sent_data":409,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pixel.wp.com","ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1997-03-28","domain_rank":22824,"first_seen":"2017-01-30T05:31:40Z","last_seen":"2025-11-30T22:42:42.955265Z","alert_count":0,"request_count":1,"received_data":251,"sent_data":530,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pawgleamed.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-10-14","domain_rank":1435223,"first_seen":"2024-12-05T17:30:32.690989Z","last_seen":"2025-11-22T11:35:56.972189Z","alert_count":3,"request_count":1,"received_data":107408,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can 
also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"hardexpendstrategy.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-08-01","domain_rank":475627,"first_seen":"2025-05-10T13:22:56.525838Z","last_seen":"2025-11-13T20:39:36.600946Z","alert_count":12,"request_count":4,"received_data":189891,"sent_data":1672,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-12-01T00:54:16.933365Z","alert_count":0,"request_count":4,"received_data":332979,"sent_data":1848,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-12-01T13:46:59.239014Z","alert_count":30,"request_count":10,"received_data":211023,"sent_data":13008,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tm5r00enbwg8.l4.adsco.re","ip":{"addr":"185.200.118.62","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":463,"sent_data":409,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-11-28T13:58:41.37683Z","alert_count":4,"request_count":4,"received_data":21744,"sent_data":5857,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]},{"fqdn":"c.adsco.re","ip":{"addr":"104.16.43.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":100769,"first_seen":"2017-11-29T18:42:15Z","last_seen":"2025-12-01T13:23:40.759336Z","alert_count":0,"request_count":1,"received_data":69922,"sent_data":477,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-12-03T15:50:53.739602Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":383,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"4.adsco.re","ip":{"addr":"162.252.214.5","port":2087,"asn":53334,"as":"TUT-AS","country":"United 
States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":95532,"first_seen":"2021-01-04T16:47:52Z","last_seen":"2025-11-28T08:56:26.426655Z","alert_count":0,"request_count":2,"received_data":872,"sent_data":795,"comment":"","tags":null,"fingerprints":null},{"fqdn":"displayvertising.com","ip":{"addr":"216.59.56.9","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2020-04-18","domain_rank":40391,"first_seen":"2020-04-29T21:21:45Z","last_seen":"2025-11-26T14:35:49.904016Z","alert_count":1,"request_count":1,"received_data":257,"sent_data":1755,"comment":"","tags":null,"fingerprints":null},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-12-03T06:32:40.66545Z","alert_count":6,"request_count":2,"received_data":1060,"sent_data":1462,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"71204f5ed725198df23bc615c0a4a31f","sha1":"1c90717f72537e7045d93c03c82047619d1fee55","sha256":"318f1c58499fe4d626510e56527d5a76fde242cd028d216e9e1381e26a119536","sha512":"5bd01332697744df6951073693c4307b73af9891883eb7d4395b758e1c3029dfc417c528af6ca023171486ed600f3c5a8ee38cf22b7a14f6053e40979b35384e","ssdeep":"","tlshash":"aa90043cddf57df3d0137c1545c741170c0140111051441510d5c47515c470cc4f3405","size":49,"data":"","first_seen":"2025-11-09T10:28:57.086308Z","last_seen":"2026-04-17T15:53:38.255248Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b9299126c783a078276f8ff17d4fc810","sha1":"fc2a2bdad7ce4e4fbfe830d961cca32886a3e256","sha256":"adee38c342b1f4f137b39d6e2d1623d86a0e72affff3fa5aff51a0b3ceba32b2","sha512":"87db6af7c7661b95b47effff0758fe23a1d5a014c8bc6ad96fa47e7db18f7da998b9d9d375e1a095e602d0916416493da51503cd2aec5407323cba515b520961","ssdeep":"","tlshash":"a2c02bfdc200f3940013cc01287cd64293118e11344d0c1733d03424025d8114c96bdd","size":139,"data":"","first_seen":"2025-12-04T02:48:57.392097Z","last_seen":"2025-12-04T02:48:57.392097Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/wp-emoji-
release.min.js?ver=6.9","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","size":22762,"data":"","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-04-20T14:01:44.72726Z","times_seen":158066,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b7d8a1a33a77fcd0328d3c709c5a9eb3","sha1":"e8ea90d66488aae87f231079141b02b04cc26f05","sha256":"3f06772f212125287a824492bf133d5fc6ef851b8478c081406f650716869cde","sha512":"b92d0879e95318270c892770db71380d6f66efbeb8e4c9a8155e82b09e66a0a90844a4d0e38ede9b6bd536d8926ab4359e3bcc5266594f04136fa66295bbc9c1","ssdeep":"","tlshash":"f37000082080000200200002020222003202203080c82002a2000a3020ea08b8020080","size":20,"data":"","first_seen":"2023-03-07T16:36:56Z","last_seen":"2026-03-06T11:55:01.489296Z","times_seen":4296,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd52d57fcbee3b
b156026c6fc56b3e54","sha1":"f79f4ea0936f5f8b074cacdea9bcc763238373d5","sha256":"179107fb42153e83771f1b6348d13d94f5f47c6e0ecb10c2c444a87554ecbb6a","sha512":"2a47dd1690f210bbf1311e30da41c4e54eaabbf73c4e7a39a1fb97178278879920f23483fad6eb3de10c39c4b22778b49d23a9ca45fb32a3d3b34badb274bc4a","ssdeep":"768:dXKJhxPJjniq2nHAj43BXIt0GGkXjBBcMz9wN8/J3mYYUBB6dYkuv:AFJjni2t0MT8Mz9wSJ3mYYUBB6dq","tlshash":"f1633a797672302942b229ed553f4311b1be56a07c45d0e1e3adc9603c34eab933bfa9","size":68735,"data":"","first_seen":"2025-11-24T20:03:45.317192Z","last_seen":"2025-12-07T17:46:58.559501Z","times_seen":577,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/8f6edd1e8ad7befc4a63b2a2e89e457d/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e61a3ba52868b71885d3c55a9ce7b60","sha1":"7275880f22b2aeea22fdfa7c0b4c9595ad78cd91","sha256":"5e6f8d70e1b7b4ab9fbe9dff585618a7cd5adbc77f32d9b227092659a8046b75","sha512":"2471f762253d74d27a33254b559c65761698c752e61cecf722635691a754b170eb1c62ed75695803251fde39b80c2d4e67dd179da971103cfd404c5a3c6fbca4","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qnyXy:CkurY7JfhAl9n5","tlshash":"9e23d8887f90f75457967073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","size":46640,"data":"","first_seen":"2025-12-04T02:48:57.339672Z","last_seen":"2025-12-04T02:48:57.339672Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"ec32cbb3af7f6e89f5d8f67f74c6158c","sha1":"7491859d9c6f7b20a4f415cbc25ca41cdf678e03","sha256":"cf4803ace50e153b2707dd226c319e6975a814a49903e771
83eebba5fcad9652","sha512":"4ed82d757e9ae378f25f4b0184fec023703768b8e33eec68287dd3f020f6c0eac97224685299d9fc8bf9a1a6be5d215a141ce33967a18b46ef744e035e67377d","ssdeep":"","tlshash":"b731293f8041eb3d49f80c822e253ae98976209ee637c114eba42610f8a773071684f8","size":1538,"data":"","first_seen":"2025-12-04T02:48:57.393828Z","last_seen":"2025-12-04T02:48:57.393828Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/assets/js/main.js?ver=1.5.0.1763074193","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2307570753a76f7a80d5d93a29e54863","sha1":"db66a97b99908d3cc6aad20e7f45f220c64d2a65","sha256":"3ce74aac2e796739cdb2a1c3b02e673bc02e00154346cd90397815b9dd88f7ac","sha512":"c2b04a1f7d3ad84557ee4f806f10e0cb78f4641d703c6d240a66fa2c1735deabc62e1b74594d91797d385f32655d56a6390770766c2943125f1ac97d88e3f2db","ssdeep":"768:nEt1Rlb8ueedpBfrvXKAIF7BBtP/nIwsnD19VkWAoO:Et1RG0bC71nDh","tlshash":"5f138589f77c255a867a30de6c7f12dc353d0135a802086ebd2ca6e528e4b3d7396d39","size":42003,"data":"","first_seen":"2025-08-26T17:13:50.347369Z","last_seen":"2026-04-17T14:00:53.097696Z","times_seen":625,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7
c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-20T14:00:50.305232Z","times_seen":729242,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7145e6d4dd187b573a13f0240103f6f0","sha1":"f8e7ff7fd488f675f418011ef8ecca4a822933b5","sha256":"02665a4c106fc96e71ef5a17511cf353ec3f5cccb82ec9fce719b23967728897","sha512":"8fb980002683780ece97cb8cc6679fb9c8c97f543b927fe1efbf4073887176b68be02fd0ffbbc4bec0ebce401d04132fe4d1ab1edab9d006be9493f77bcfc736","ssdeep":"","tlshash":"0d700020000082000b2000032f83b280300a033000c8000002028f32a8e802fc020080","size":25,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.480005Z","times_seen":21542,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fb440b8133f21c3e5d3e39624e7bda94","sha1":"1b46d8568f9bd8a2be944d6a61924a21ec0b6e4f","sha256":"a5e2bc908c3bd3196d273564d073484f9905d13817490eca5aa249e701139cdc","sha512":"f874692932aab2be754d763a3998c5cd3c654a5bcd78c5d839fe0ba506f9a9e563d3cecba0ca71a6b0db35ff94943f6fa8bb0292f10c1aeb7df2704ea6d85fbf","ssdeep":"","tlshash":"047000000000000820200802220322083822223002cc0002220a083022ea00b80282a0","size":20,"data":"","first_seen":"2023-03-07T01:03:05Z"
,"last_seen":"2026-04-19T14:02:47.10287Z","times_seen":24303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"dca14c896efeb4b80c68c457aea67f39","sha1":"2488a552655a41fbd3f3165ea5b1999f46f25738","sha256":"998158f6df4183edd82539e6dc971d32f50bc7ee075f64d4abc46d3011a9da27","sha512":"56d0ea635f1a8dd9f7bfed6a8e087ec4d8e38bf65eaee1e1262740fc7ce80cf1b45ea861f0d5949b69ecc650427ccc8879f1b7c9af78933ba26d0aa9f704033b","ssdeep":"","tlshash":"ac8000b02a02b830888c220eb030c3c83c30000030033800a22c00cc08b0ec02208e8a","size":37,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.469862Z","times_seen":18394,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c510d5a3d97cb2f599576a56b2703434","sha1":"9bc8f27eddd88f1e3f879b2dceb86f92486dc1e3","sha256":"b4a3a83fe09d48db0c0b4416fefb19af5f9e069c12d2af8793a18f159574bb79","sha512":"7adf4f6f79a04ef4aa41503ef199d996dfe027863d5493881f4689e595cc9ce27a4451f1be2617108f3716d2c26bea30fe4ef4c7c4922d4896cf3f7f94e50467","ssdeep":"","tlshash":"7d60002002002820002002000a02a20a2002020c82020200000a8000220208300802c0","size":17,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-04-19T05:15:08.496236Z","times_seen":18161,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval"
,"is_inline":false,"md5":"42e3f85097cd0bb2675db1a461609ebf","sha1":"84dbc51f9749d9e7da114e53c38e51728e98bf6d","sha256":"aa739a4582cd8021847ccab60810c0e302547790ab478948fa1405002953edde","sha512":"afa1b7d2467dae8ed08f822cb7ad0efecccc4268bba0331ee47e3787a40bb7cb7c94e888f2ffcc32e03b2a0d0c332066e6aecbbf5cbd80887c9d24003b52ef66","ssdeep":"","tlshash":"0031e597100b44ac9327c08ba32b22675f723216ef968b80436a72caf320d60d969177","size":1534,"data":"","first_seen":"2025-12-04T02:48:57.397129Z","last_seen":"2025-12-04T02:48:57.397129Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d9f9b0f82813d813afe0d450e9fab4d6","sha1":"cb6ce93dd97adc3649f697ff49681f5aaf8
b1671","sha256":"d204422e9d49293ab422bfabae9607635876cb30f77215f133603bac691f6f4b","sha512":"849997b396eb218b8bbc788eeb34ec3eb9ab4c809a07ac707a57a5e13baabb69d2c52795403d032f007276109c7f4476daa8255550fa236873e1eb9ba6dba3ba","ssdeep":"","tlshash":"706000c20008802002c200028820a2802832008a20022000c00800000000a0c0222808","size":17,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.451605Z","times_seen":23637,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ab3b4884408bb0261d6b56a7d288fe80","sha1":"b0f370141ada9b591302b575434c255db51ae151","sha256":"e5a13721b456c9e090f80944728fc91767f5ae01b01f59160e73ff2c7cacc587","sha512":"e57cb5cdac6519a8a24e85d5d91f2c6492e282308a94d369619e9455cef8f22a2a6abd62023647fbfa0228b6d3e12da22c280d691cd351608aada9c284ca3a66","ssdeep":"","tlshash":"6c80008ea0803232a2fa02038a822200a2af38ea88008820000a0200288030f232ac8a","size":26,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.452492Z","times_seen":23029,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6a88d4bd5bd93656328a2f38b4378d0b","sha1":"d2afdc9b1693f0cf62ab6e88bbcf4e20fb62844e","sha256":"3b1758c84d9df642c22e7c547795bd40ff0a9610795e44c90109fa7f9b8016ab","sha512":"c64eb8517871a1b996d76fd0d9982a9726515a003cebbbdf1639067607e2f7697c97f79fc176802c7e560f325e3f39f40c9edecb49e7c1626b95ca0cb8349424","ssdeep":"","tlshash":"687000380a2000000230202200020002008282a0c0a2a8c0222a8200
02020200282002","size":21,"data":"","first_seen":"2023-03-07T12:58:03Z","last_seen":"2026-03-06T11:55:01.48721Z","times_seen":8444,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"6efd39ba74ad91e9e8ba549f72bbdf70","sha1":"843a1e8c89adcdf323ca0cca7c4e37a94ee6c5c6","sha256":"970f51f283cd490ff85364f965d30a7a4156beace59c9f249ca3c8dfb4c2b426","sha512":"8bdc838929e5370aaa07d8bee24eb66a2947cc8b064af84488647f50f5b8953f80000487379ff6e81292747bec3e5fd52a1c2329c9b8639745e3d4026f5a0a84","ssdeep":"","tlshash":"0a31c6f4d76b05cdb64c10a4b486262acb60142e95438090722ec4ecfb8b567364e5e0","size":1592,"data":"","first_seen":"2025-12-04T02:48:57.399578Z","last_seen":"2025-12-04T02:48:57.399578Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pawgleamed.com/5e/5d/e3/5e5de3227afc7ac3a03bc643ab0fc1d6.js","fqdn":"pawgleamed.com","domain":"pawgleamed.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d3c0df9ec0a00c5c87e9f2c41372932","sha1":"f62776fc0e734e04b0769f5c09c670068a4071d9","sha256":"155a2a2928be7f93d2f054066a129560476f4163395d1f8afd6b57f9add6725e","sha512":"c5b5bbf35b079c266967e7e18c2784293a3d54b901ad2577d37d744d39d33360bf849282dd7a0c22dd9c895ddf4d4734db47223b532161dfdc1cc488ab8722e4","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imf+:qXLD33COgu+bAKaSs","tlshash":"70a3c9d97f40f06d4271607a113fa00af25b0e46688cd59ce117f6a42fa865fe57ef28","size":106568,"data":"","first_seen":"2025-12-04T02:48:57.383586Z","last_seen":"2025-12-04T02:48:57.383586Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d720eef71edef78b948a643d5712ec07","sha1":"ea5eb334bd6ddb0f04abafb700dc2ecb30070c76","sha256":"2daa1a91b2430e9867296c9cb26d1483785954a9bdd66f79b2c754bab7092cae","sha512":"63368ff1fef849df7f849af23bc2f24698893bd3d58300282427a76665b2d5c94f097d409f93173ad9c36944b4fffc2e37fa03a91f81e4e04f3737f9b73d2d6f","ssdeep":"","tlshash":"5f6000c00000c00c0000ccc3c00300c030000030c0cc3c0003003c3300cf00ccc00033","size":15,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-03-06T11:55:01.51255Z","times_seen":24260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"ef9e29d830b47e493c51972bb3af3ef6","sha1":"95d6255c5e100dce97da5619be073c8dbf4f00c0","sha256":"fc5a1ffc9513896711ec2c788
490995715c8d32ccda8c4e2c68a9bd8cb214e77","sha512":"af408037587ea95e4db5c0412d582ea898d2fb5084e5917048698bc482dd7c3e8854d87fcf3adf508fd8cceef746eab017029aba07aa934184675a6e6c88f0b9","ssdeep":"","tlshash":"a270000000002830080208002020ca8e2a22208022033a00800a000000208802088b0a","size":19,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.495259Z","times_seen":19082,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/wp-emoji-loader.min.js","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f7192937d17d4a24259a4f1495d428f","sha1":"99f9ad68d8137a7672b66ffc94381fb2f3380757","sha256":"812c27f2469b5f079e11b587fe5e3a4a0b093bda8d2e04d191948d7001051c83","sha512":"a2559fde33de2556c5af1489ade22a5d8c30197bdc40184adcb61eda588a479c2f6deb021f0c0b11df0265d46da040aa1a3fe480c7d3af8dc583600a12208b34","ssdeep":"","tlshash":"8a81859ae77a38dbb2f900f2697a0d47eb614435d6c8d438c9bea3141cb5893c274b46","size":3842,"data":"","first_seen":"2025-12-04T02:48:57.40153Z","last_seen":"2025-12-04T02:48:57.40153Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/61fa5642046c4327085e4f22d6209b1b/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8c2a2e504a4717bfcd73edc917fa8044","sha1":"5505773c03b9f1266aaa30acff878384e3b9fca8","sha256":"70ff0aec0bf831896e7934754b215387091072012590d2d45b1523a14366121a","sha512":"e6ce91643cae30635dd3bb013c61b179c1bfa99abf07508c18eec2f1eb3d60e32f941330b80cc9978f8114d579d6363d325e779d1ccc7b3c5674828db7f0967e","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qgyXy:CkurY7JfhAl9g5","tlshash":"c423d9887f90f75457567073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","size":46591,"data":"","first_seen":"2025-12-04T02:48:57.352547Z","last_seen":"2025-12-04T02:48:57.352547Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","size":5,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-20T13:27:49.507147Z","times_seen":69009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"0fb35e7b911b25a9fa6c144bb618df20","sha1":"e0ddee1fb17a4ed5b0a924f7f2de19bae3bf5d02","sha256":"aba82b81559fa1ea80757140117416897cffc973b79bf6bcac4f1c447799eef9","sha512":"1d38ba526501059cda5a572dd1dd1bb39ab1d198f3ec9e393779bd061a4a9bf3bf3f770d68d3fe8dc1a437089d0
ba1357105afb9da11e8e21484ce8d11a5b207","ssdeep":"96:tV9JrMozwCNfl5e/yUepVTmzuYke9mWU86c7B4x/eYvXbcvupar41mD8+oCfMEDM:tV9JrFzt3UlrkeYhjc+deyrcA+8+oCkL","tlshash":"aeb14c7a4f99103aa962f0ae117fa60c7f66d2071008d60ebc8cd7421fb06e855dee98","size":5237,"data":"","first_seen":"2025-12-04T02:48:57.402731Z","last_seen":"2025-12-04T02:48:57.402731Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd29bd55a65632198f5a49a7c849cb84","sha1":"2729ec320cf26022d5c07915772129bf05a7ab0c","sha256":"2fe3289bac432f30c7d7042cbdcb83adedcbc9c9ade78bc5aa9c1fb0b7bfab5e","sha512":"41f30a4d2e28e7f89abd015072f9298f0a4850772775774ab0ca2fb4fa39b8035c6a37460deb073a1920f76d61578e51932f44a5c0b4d28e58d5d2da315e53a0","ssdeep":"","tlshash":"0cc08c486a3620236fd03cafbbca2bc048c60302f02a26036802408264ca02b424200c","size":145,"data":"","first_seen":"2024-09-28T07:18:21.544851Z","last_seen":"2025-12-04T02:48:57.403427Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6043a0b1ebb36c505a9191b20e11815f","sha1":"6f9cda2539774241dca5f5df2e40b2e83139768e","sha256":"354d474759535f5f0bb63dc6c5ea17455fb3d281aeb3cd6d44c2f3f594c5dec3","sha512":"5a55931f152716ef8803227e0518befc7ec9fdbc66f16aab57824511c7f3a94bfd9b93b4417d6f759d04c517f3d242eec582b49a8d92be6079b88e10a27fb9bb","ssdeep":"","tlshash":"517000a20c0ba0020c228b02838222002020028a288830c220a088203222e0b3028080","size":24,"data":"","first_seen":"2024-05-15T22:21:35Z","last_seen":"2026-03-06T11:55:01.515568Z","times_seen":14363,"al
erts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"97027e2582ced35b186bf66d3601cfd2","sha1":"4133fa316e585c4426c58951884d2db2d0e21548","sha256":"b18f7c2e4dbfe2926b0413634f7cd6781be55e27b4b885dc68a8f740a80d72e1","sha512":"6ce568f004c961c5a0e2e884ed98e6bdc8ecbba0dcbadf7d88cff201ff8b40a55d01a18cc7a247832c93f0129a2f7e68217dffa94071a50337ef0e17366448a0","ssdeep":"","tlshash":"9f60000000002830002e28002202a20a2002200002020a00800a00002220283208838a","size":17,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T14:02:47.126754Z","times_seen":17994,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-20T14:00:50.222789Z","times_seen":677643,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano
.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"8b5e8699c1b76c14c38283a27772a3e0","sha1":"8e39b41dbcb6877e9b189351a2c90908abdc7754","sha256":"cfab5312f1cfff1e8162225ab27453306ff627f512bcf18225c0a305ca093e1c","sha512":"66ffa0031cc22b4eec8867f36dcf3d887b021a11ea74f51c2a2eff1ec4cf9eeb44c4e1d5a6c197f29d66546c5f42ef283c54261f6157687237e4dabe1715523d","ssdeep":"","tlshash":"cb700000000228a200fe230e8e82230822282223a28820c820220a2820003232380880","size":25,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.499726Z","times_seen":22395,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4cf954c76f588e097ad9ff70e90a86f2","sha1":"6c3f32fc10b2d98ee69d845eaf5e2d99841bd264","sha256":"0098b3fb5f82abbebff8c293e42863b93e210b01f0032c4147fe1457f5b48a93","sha512":"73b77b211094a65a16e25ad1c26e4001993d80adf820126ccc940a407894eb4462a7d5ea953ece44e33bf77139d896fd6e90029dc66cd15a4be654589c844cb4","ssdeep":"","tlshash":"847000a00e0a888000a0a8ca0a832bae32a2000a8220aa02a8ca002228282e30280080","size":25,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.480921Z","times_seen":16303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"aaf72876f0d5e8a677a383fd45bf938b","sha1":"d8b2ca3c238c933223f4a6313c5c0561f99e0c1c","sha256":"15eb7e222abfc64660d0f94c04053
839498df20ea9ac9a13a201701a56ce3bf6","sha512":"c6bec20224539a5319a753a794c7521e7063e76b3d41bac8d7f0159880eaf3ed07c3fc1b0eb4ec285f1970f270f4b0ab68890d5a0ed01e3b1542102ad707f6d7","ssdeep":"","tlshash":"207000080820000820200802220322283822323022cc0002220a083022ea00b80282e2","size":24,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-03-06T11:55:01.498128Z","times_seen":23956,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/61fa5642046c4327085e4f22d6209b1b/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"042ff6b8a6550f68520aed189ee44e31","sha1":"95cacb6139b3310e74bf8bd597b173fbdfa78688","sha256":"2bd237db79239ffc166b0d62f945c10d2bfde77644ee895c4c9a703e17baff6c","sha512":"4ea3ac8158ba48297fcd4fdffe7fae5f8075247e1fb8edd34c7dc0304c0650b9a2c7aa23608a1b9b67bd01a35b30b61d2dfb345c32a359af5e59271b068ec10a","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qzyXy:CkurY7JfhAl9z5","tlshash":"6823d9887f90f75457567073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","size":46627,"data":"","first_seen":"2025-12-04T02:48:57.344955Z","last_seen":"2025-12-04T02:48:57.344955Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wpst-main-js-extra","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"fcda89715bcf53ae090bfbf9095181ae","sha1":"38a765b8ff4f7daef4c910352ab8692b5a0fa069","sha256":"7af9f1b021a762b2149bb64697f2a2260d31870e41d5ef98bec727f217186895","sha512":"6ecac32d687c5f06863b48749b01cd9ccd4c4ab0adf6c093e77cc0bbcf97011484c25214671f33937c5f530871b5f2d633b4b481
6303b4ff860d12d9b79f7aeb","ssdeep":"","tlshash":"58217d21ca835fc322a3aaf0501c076369b95121d0949d19679dc0800aa5903f6d411e","size":1128,"data":"","first_seen":"2025-12-04T02:48:57.406548Z","last_seen":"2025-12-04T02:48:57.406548Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"5bfefe743069146592d5b9ba02d70c74","sha1":"fbf6c0e6a658f5b4534159ecc0fe464ed5d7e67b","sha256":"44488f4a198477d268563926784561a9613f327b52e0f2cb15f25feaa5fbde52","sha512":"75bcfdd88a93307d940aee59a0c30debb6d7f1ceeaed05196c89c022b3b9625e360b9bfde7a3460600590f7c9cf10ac8c9c155089088d3174923a4087f76b215","ssdeep":"","tlshash":"e241b7b2d5263825dea9a067029f3a187e57ea670508528d7c4d47137b608ea216ff88","size":2014,"data":"","first_seen":"2025-12-04T02:48:57.407526Z","last_seen":"2025-12-04T02:48:57.407526Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"ba72abecc4ce6541a363b33e6df46403","sha1":"0c35eb5c2e7a342d94cc7cfccf1dc98be6849736","sha256":"34013daf57e9d6d06a7d2bb93cb7dd3ed3cfe9cfbe977698c7373506c718c68d","sha512":"5b602c01942be3765a034c9f9aafe90911475bdcb173d91f8b14063841c111eebf5bf33a1d65a83eae6aa948d54e0df3b53488549ace4b28f49d5a51471972da","ssdeep":"","tlshash":"b041093f80427a368cfb69933a9937e40c79518ec6199288bb5c2700f776a75217ccc9","size":2016,"data":"","first_seen":"2025-12-04T02:48:57.40837Z","last_seen":"2025-12-04T02:48:57.40837Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"
172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"11cc3621e45b2f0b945ccf3c32be2d99","sha1":"65369460879076ce3d2ca049392097e9c15b8149","sha256":"8eab171b0d256cf386d222b71fbf5380f2051b67452dbd83f41401a6216a789c","sha512":"e8af12a7397f87b88e2b71577fbb9be3be97b309345786db07de0c882ef2203a6d2b98a7f74c4f5b065e3d67cdb2c54f23ff7694c9ccc83e22ee93e950e60715","ssdeep":"","tlshash":"8bb009b69262c0b9c4469c9eb13ad6e7397a12143813b327901d49205522e5e2b008a0","size":108,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.455072Z","times_seen":20074,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"cb12e2bae39e65c9d2941532f47d984c","sha1":"c7d0055b2b2eb35e946b09ba87011065b445b1ba","sha256":"2ef7ca07ed70c4ffbc59b1d3fa8df8cd2be1bfc66d1604246926066c9f44fd0c","sha512":"e0589a937d93701a4d41f6b507fe7843ef72145a3a0ed697796e62edcfaf49cebb4f3e74f04b9664b3f49f7722f1326e26aa1075831f3b5a70ddd14328f423e5","ssdeep":"","tlshash":"457000b08c0200000c030e02e2200020a03220802b003c03a28080388028e20320e200","size":23,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.512388Z","times_seen":15697,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":fal
se,"md5":"e018c77e67a96b7f5440da3c7397e35a","sha1":"a090b0a7035556c7f71070fe10c2e37fa15584c5","sha256":"5c5bb18e544cb67f765d8a6d2c774838d3ae95df9b62f25660c64554a7302d8e","sha512":"cfaad7c410b0f14c2c849855f859a973177c6bdeb27ce9e3dfbbb38169a4abd0f66252213aa1885751c54d1ae761fd68af739081e9b7d6875f084c2240874062","ssdeep":"","tlshash":"0a6000c000030030000300303030c3cc3c30003030333000000c3c3f0000f00c003f0c","size":17,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-04-19T18:57:35.179248Z","times_seen":21369,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c24107ca675c86ce400f00f60737bf91","sha1":"915db7d3426c409da4f1c6d58c38d9dfd6ad39be","sha256":"3688d7e88d248ea850c456f0233738d10695a410a3dec97785ca7422c3f562c1","sha512":"0b10c8522a9d3b4cd1b5d63918ca7888bf837bd48c2c456c38e20e215a0c5e1cc38e5248658c54021b1d2337a68dc1f61b17adfbda678078d0d4a8cb4fc56e40","ssdeep":"","tlshash":"2870002002002830880200022020cb8c2a200280280230008208000800208002808a0a","size":20,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.509945Z","times_seen":18884,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"2575c724c1f80170b0367363f0afa0ec","sha1":"243b0d88c932387e96ca5c71cbb8fa8d7fe81a6f","sha256":"4f61f9e962c8c1d90b453b461dd9431c1d3a6a706e61ab5c2a9faf6a71aea93f","sha512":"e7e2e84d801f9f6365a328e2433af505b557542b884c45d3ffcd5d27238523c86c93df9c44d759bc8b55be9a8ae489a01716b60cc8f2793a97337a6737
6c90ff","ssdeep":"","tlshash":"5f6000330c0300000030ccc0000000c0033000c0330030030c3c0cf03000ccc3000030","size":15,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.453437Z","times_seen":15209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"45ea2950a17070240a77a00fb2c1cae8","sha1":"b3ef2edbfa2294d34d41106eb37a44e41814c5cd","sha256":"d24a61ae547a3321445bf5dc332f4117ab441269b1839d85dcc0b3cc6af1631c","sha512":"44d50eecaea4c8855b4fc28c89757c38402c84a3ee1351100ff65950d5d4664baaa4b5f8367e5853c526c11730a950fe8a5960a3451d9a42f60e99a200c5c8df","ssdeep":"","tlshash":"cdc04c699b8024226612368e765717d39ed6070ba4765e0d33647480b89f4670880ccd","size":145,"data":"","first_seen":"2024-09-28T07:18:21.578572Z","last_seen":"2025-12-04T02:48:57.411693Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"e969e6981adb7ab1cb174994a5c8c627","sha1":"5f534a259a6f3754d1d392028fd4cbb344fb6563","sha256":"5cb18f9c0eebf644c0bc27e5224177984121b4c4a3f8189861a6d797a15a2e7a","sha512":"10bbe815bb6e4ade10d00a42a82dd10b668e95e275161cb0a637b2ea95785f8f7fc72b31bb48ac9c1dfad03d811912c0683941a3c09357525f164915d5b033cf","ssdeep":"","tlshash":"a380000a88a8a0222a30a0228c020200202e822080ee208083f2032020c283c022b802","size":30,"data":"","first_seen":"2024-02-12T20:00:22Z","last_seen":"2026-03-06T11:55:01.514986Z","times_seen":20053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","dom
ain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7545d1da7159ca66338b4c84b69f8ae4","sha1":"0858800340ee5b8c413a1aabc50fb28d0bdf89db","sha256":"7510742fba4d25113b6124987e97cba40776bc5030a6a3678974dc8ba075bf81","sha512":"dbd944acd2868ed6eb1de313c0efe7590f715129f7ca5a9ae5a3dfb9de0035612a248441d9e6c4c1812d8ec4b3de7cd2a5973c4c71887361a2276de1d73fab94","ssdeep":"","tlshash":"af8000088820202a20be0a0e02a3e232220e3022a0020220000f0280380020bb302880","size":26,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.475594Z","times_seen":22616,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"b5ba3d03156bd0e547dc0516f0d1ebae","sha1":"97de00c39dee1
3d1382ceae0294df0867b560626","sha256":"d23a0080b6571f01e3850bd5f030aaa40795377b6c84198db4824b2f5c08cc88","sha512":"ce1b8810cde4c4d9f19e3a4dab0bda7e741084989271808ac4d63be0cf8945378ec9bfe5dac9e4aa86a4523d645465b1296cffeaa479d571350132881723f154","ssdeep":"","tlshash":"9b312c7d0b5d042fa290eccdadfbc36e4f796615e1c8c40c5e64964c1af11d44459977","size":1536,"data":"","first_seen":"2025-12-04T02:48:57.414062Z","last_seen":"2025-12-04T02:48:57.414062Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/52/3b/eb/523beb7e5e7b4667b53c4d050c3ebe93.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a70be608264de14e8df960c8852f4a6","sha1":"098c66382e201bf563e88e376e45d42c79f119b4","sha256":"f835a681768492c84afde5205d9b05582dfe9e1684a24641ff3c6d5c50c112c5","sha512":"76987009d22c96ecddbfc673409543959a4d9ca21b2973f220005c36436b32385e20e92c6ca522e5ba2dfa68dc9434c901b1e93960a561f66113094191db72af","ssdeep":"1536:h3Zs5j4xaqmOxXUZ0ob3meMv6IqyiB+9be5:h3Acx//xXUofv6fOG","tlshash":"9283c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","size":81858,"data":"","first_seen":"2025-12-04T02:48:57.326582Z","last_seen":"2025-12-04T02:48:57.326582Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a3f019b669167cf68c3c7ec58cf3fafe","sha1":"e9071fe10455ef52c0d0bb825270d61943050c21","sha256":"de28b1d6380e95ee9eba78941f3ae0ae58ee5b96a84d6940043c3832f96155e7","sha512":"5a689c9a909530191d3f28db4ccae1fd5bd0b9456ae46d82d4e1104e922f5c68ecf5c9ffba1dac399781bd15b37dfa718255a1b26f0
20c4ba25be99a94432216","ssdeep":"96:f+9lBOItozjXyo81iRXCrxgebqUdQeq3rOzn9x1iRXCrxgebqUdQeq3rOzz1mDev:m9lBMzjB8AYTLdQeWKHAYTLdQeWI+eCi","tlshash":"f4b12a3a8dc1a63944b7249b397a26891d72500f8505db09fb8cb640ff6bb7429bccd8","size":5240,"data":"","first_seen":"2025-12-04T02:48:57.415022Z","last_seen":"2025-12-04T02:48:57.415022Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"45ea2950a17070240a77a00fb2c1cae8","sha1":"b3ef2edbfa2294d34d41106eb37a44e41814c5cd","sha256":"d24a61ae547a3321445bf5dc332f4117ab441269b1839d85dcc0b3cc6af1631c","sha512":"44d50eecaea4c8855b4fc28c89757c38402c84a3ee1351100ff65950d5d4664baaa4b5f8367e5853c526c11730a950fe8a5960a3451d9a42f60e99a200c5c8df","ssdeep":"","tlshash":"cdc04c699b8024226612368e765717d39ed6070ba4765e0d33647480b89f4670880ccd","size":145,"data":"","first_seen":"2024-09-28T07:18:21.578572Z","last_seen":"2025-12-04T02:48:57.411693Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd29bd55a65632198f5a49a7c849cb84","sha1":"2729ec320cf26022d5c07915772129bf05a7ab0c","sha256":"2fe3289bac432f30c7d7042cbdcb83adedcbc9c9ade78bc5aa9c1fb0b7bfab5e","sha512":"41f30a4d2e28e7f89abd015072f9298f0a4850772775774ab0ca2fb4fa39b8035c6a37460deb073a1920f76d61578e51932f44a5c0b4d28e58d5d2da315e53a0","ssdeep":"","tlshash":"0cc08c486a3620236fd03cafbbca2bc048c60302f02a26036802408264ca02b424200c","size":145,"data":"","first_seen":"2024-09-28T07:18:21.544851Z","last_seen":"2025-12-04T02:48:57.403427Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"htt
ps","addr":"wayfarerorthodox.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"css.xcss.me/js/pub.min.js","fqdn":"css.xcss.me","domain":"xcss.me","tld":"me"},"ip":{"addr":"67.212.184.148","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"842d4889c73f6664245d70112389026a","sha1":"3f5d934289e1acfebce633760640881a81ac8299","sha256":"99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03","sha512":"06183fcfa4fae4e82e8805417d75b6de162666c636c3c78c1200bd960d1efbbbe34c0ef132851e71e9bc8d53df243685e175093f1dbc03a5d5dedd6b794b6a21","ssdeep":"","tlshash":"2b51d8dbf64019235347d0dae5af899a027780173c0304e5c673e1b148ea87ec71b688","size":2753,"data":"","first_seen":"2023-03-07T14:14:23Z","last_seen":"2026-04-19T15:39:40.803284Z","times_seen":1008,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/52/3b/eb/523beb7e5e7b4667b53c4d050c3ebe93.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8a70be608264de14e8df960c8852f4a6","sha1":"098c66382e201bf563e88e376e45d42c79f119b4","sha256":"f835a681768492c84afde5205d9b05582dfe9e1684a24641ff3c6d5c50c112c5","sha512":"76987009d22c96ecddbfc673409543959a4d9ca21b2973f220005c36436b32385e20e92c6ca522e5ba2dfa68dc9434c901b1e93960a561f66113094191db72af","ssdeep":"1536:h3Zs5j4xaqmOxXUZ0ob3meMv6IqyiB+9be5:h3Acx//xXUofv6fOG","tlshash":"9283c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","size":81858,"data":"","first_seen":"2025-12-04T02:48:57.326582Z","last_seen":"2025-12-04T02:48:57.326582Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"fe99bbf2987d52a27e4d042d61264b5f","sha1":"96bb68de49d3a4146142cce3f02de1ccbf8d0bf6","sha256":"cfe90e4da6c1841088b25b3582dc78b887f3239cdfde633ff426703c6ed538f5","sha512":"9dd74689d8b3460b4da7557d2797047f31cfa1b8522959d152c08f1f48989897e15f026d9b254a7ef61b99b9b18fc002054f29a12a2e30554a68d7815c53f3dd","ssdeep":"","tlshash":"d570000a20a02022082a000082022200288c0082a80800380a008b003c008032222382","size":22,"data":"","first_seen":"2025-03-02T21:04:17.177505Z","last_seen":"2026-03-06T11:55:01.511158Z","times_seen":8483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"67b2371a222c2dc94f01b8579fff4f4d","sha1":"0b0a5e2d11790de282055efe8b8cfd6f4378bbfd","sha256":"dfafe4f2e
08c006ec277e8042267c6237512a1a93bfcf57657420d4becc0a97b","sha512":"06a32863a820cca2b2f4460c10c4dc3583687648c909c5f67c746e727ecd4ea6301db1273b40dacdaf397a585ff257eb8c3e226fc023e95d3bda257e02505dfb","ssdeep":"","tlshash":"d4700002880200a8302bc808a3022300200080802882000008888002b0000230808088","size":20,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.481416Z","times_seen":20842,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"5eb9472f3c3e0e79bbc65d78a60bc3d4","sha1":"1a93f96290f63802dfde06c9707f42c9545f6695","sha256":"e0bc19473df9795cd42be5da545b5a6828d31527b4ffa3769564f735abec0deb","sha512":"a52b08082e87bc47f5e0ea69097ec0ae039648315c10f12de50872e59108363bcdbf06596df0d31df3b03e71077c01f681f5328ca942ddba9f1f625e2c7fa206","ssdeep":"","tlshash":"eb60000c000000330cc0c00330f0c3c0fc30c030300f3030000c03003000c0000ccc00","size":17,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.513223Z","times_seen":16684,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"3a0f702609d286bfdeafb0268d485f01","sha1":"f8412fc045d2f2fd2811d0a513c9f7105c881e67","sha256":"63fd63a33ca43f07ce872672d604657ec0fbfbe24bec43f4b322c0f7a1c2ce25","sha512":"fba3109cd858ca1ea95dcf694aecc590a62e2493cc8de313ed06ec5ccd90305b11c9de99d6cc39d8ce21d8e9003dc1e7097de405c115025ea709e3e5f7696904","ssdeep":"","tlshash":"2b7000080002002208c0800220b08280ac208822300a2022000c02002000c220088800","size":19,
"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-04-19T05:15:08.485719Z","times_seen":16734,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"1011068687ffa4c03024b434d7807ec0","sha1":"1d778af7edb0ad9f37591bb9720e8a8f2258e32f","sha256":"604b8283208b7a2f77a2c6d1fbfa02f883bee9f1118f85c630b70c997db85c44","sha512":"78a287d33d0de2fa525ba49252731ba0eb8a6c9506d8539721dff7a035a1853ace3cb7ccb9678116fc08da9d3403cb35b442ef335602edfd754407110c73ef73","ssdeep":"","tlshash":"9c4119b4e3372499bd5f72b571c923118f64802f090292d2741e85c4eb8955b32bedc4","size":2070,"data":"","first_seen":"2025-12-04T02:48:57.419097Z","last_seen":"2025-12-04T02:48:57.419097Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"displayvertising.com/tgigldcducaagzhm?EjxRYGkz=BQOCAAAAAAAACZUAAjjTA7oiNEOMbBmMtaeuR9Nh6rl67GtZoVzvzvU3a2ppM00UQjYIyNUI5zxS1VgG4ZLopNSBc5XFv07sJCljDQq6F1sDBtmzB1lLUYILCj_T5kQqmqfTs2HIDlHK4kekhnCjPaJ_3l1JnVCs9LHsubUod1mkzZeoKrdHawGasaARwAaX2mv7wX6-3jNETK0DJ3F72jpn23-QHHp-RBKlJRJ27jVQPExKvMc8sQI65pFX9sNyLUWfPN7NtZof8atnY9pPmd6OopbtYdtW83B9aEk_3QG_AlLcuf1jj4zygdX-W-vQdss64p1GmgocuKnHyj5maWrLUZxCsGzKxgcCXyfWpy0dRWFUTY_i1ive9P4uSfI4AQTRYWqns0-5NcRB4G8m-rCPTAmEfQ1w1NFx-XIGLdSYP_4L2O9WMcltQ6TsxL5BK-Z4TFWey81FttXI3ViwQjcijonyzX1duiw2aKMYYbjrVfAx1AZTHV4m2t6PKYOiuffVsSC3AqzwvRRz8KaBLMYcdrD-F-7zuSez2L4PUcXDg2jEmT46dtCtA0i24hC-tgKlXpCVmbSuKAdE1AOZbre07wpnVxkAbl9XYj2xZ_75SoRAsIuRuoPSXlpNAbP_-yD_d24gErx6EDzMxp9_hshtIkoIJ8HXjZ59ZRVoeUGB5ywqMCSsmh5CHBdgcUDMcTunxHTxqqup7TbXZ0k4tGqfIl5nmW_vmEyHX9vThUukoaPc-gf1Hdn6YbqgV7O5y89yeMYLVivSInUu8QgCHHoM6QsT2-aMbJd8BKmOIRKOfTNKNL5WgA4ZQhmwjJLse9_x2Pgxi8sm13cAwX6jUs62tUNlt5Rh2sVzfJVX5TG6hlP5a0S7HVRbYU9dkUtHW-FNoMpT5qZZmOkF6MVqincPR9N0uh-6i1zYpNHW5hds5j-J2juI1pPULVrgW8rR6-GmCguZULpZBm
J0ngMhBA-T9EKzkqlGuvhDNCUiAvj0ofWcI6QInpEaHYN0F8P1vBIqyLBKSKqZBvol0mfdqVNwzi7ZRR8DhaWbQEcqzFIazDOblX_5Jb3C5fT7xliHi0rgMaEZtcxfCjDsET51DjmMcB6u6a1POnc9jF4b1gDXCq6WF3d6cJ7pvOdJm1_3jnNPLz2ZMfzCAy3dh8xDnGsZQqNlWzG5WFPCO6BSX-u61DbO6Dx9rD2AeQpR\u0026ZuTQlfGk=4\u0026RuNLQPIA=5052482\u0026hIoiqAXM=\u0026WQYPONjC=0:1,0\u0026YBgCpDoS=\u0026rbWLkVKD=\u0026QTZAvFMB=1280,1024,1,1280,1024,0","fqdn":"displayvertising.com","domain":"displayvertising.com","tld":"com"},"ip":{"addr":"216.59.56.9","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5f0a25e4d3522d56d48ce7bc3e518fb","sha1":"86794caff58f7fee6e684c2ba7195f970a8d6f4c","sha256":"9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5","sha512":"a3a81801f516a4eb11f00d6f56dab0ed4b8a79219e6b4f5436993479f09dae08f14cffbab3327ff66fb39201d8eba1153ae7114f7705a01cc6f0edf840ef1616","ssdeep":"","tlshash":"789002801814116115d1500b8d5159d01259b1a4540801324446ca502dc7883a415774","size":44,"data":"","first_seen":"2023-03-07T01:17:45Z","last_seen":"2026-04-20T05:40:40.345222Z","times_seen":23469,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ea469784027612dad0cff8c054e1376","sha1":"0ba2d0db2ab4cf8baf3c71d3bf0549647da4aa4d","sha256":"ac074ef53fa7ab522018bac6394ff9aacec209304e0b88405d89859d7f4fcc53","sha512":"7c4f008521e3be598436ca73ccc11d752d5c728c54a2de519f9f555c8b71e0d5bdadd60ae7662362096b3ce92277795c02ca97cac04073ee6736d17d4c1a67fb","ssdeep":"","tlshash":"6bc02bd88004f24701d1cc2d2cecd54083118f00341f001739d114230380505c5d335c","size":140,"data":"","first_seen":"2024-09-28T07:18:21.550481Z","last_seen":"2025-12-04T02:48:57.420401Z","times_seen":4
,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"61d9031f2b0da3ac81b6732b6d1ecf83","sha1":"515d4db3d1120a7160d1bc7d93d57f7fbdea1fc4","sha256":"436179ef4964c80a03e62015696ba10c5ae70602c6538d07f50b75f35bd72a27","sha512":"3b6ddafdb73b34756f57d92b3db048d03ac38dd2f96be7d4ba695835470b8ce460e2d6059a84e64f3bc2d5237b6151aad2a649f76ab43a81447182684b5741de","ssdeep":"","tlshash":"b58000b02020a830088e020cb030c3cc3e32000230033000a00c028c0830ec00228f88","size":36,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-04-19T05:15:08.455572Z","times_seen":18664,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"4260c01394765a497287987f27d6823a","sha1":"7162f84a1608c790ba9e01abfa0e0ddd067feb97","sha256":"0200f755a2c13b9335fe39b3a88f696c334e518e8407780c4731d8e6be966c4e","sha512":"acb1477b99c1be7773301f0a9ac146c60b4e5961824b2d27f4ab27d2f879ac4985a4df0dae6ce4cb2c0b3f9c93d5731320df8a49ddddc0cb9b4c8d2e328afeb6","ssdeep":"","tlshash":"7270003003003c00c03003030f03f3003000030cc000000003ccc00c330300330000c0","size":18,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.477966Z","times_seen":17923,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_ty
pe":"eval","is_inline":false,"md5":"c8d967999607cd820c3a947a98d52f84","sha1":"d37bfdce82851b85dab7aa69b037d2ca140e2ddf","sha256":"0e27576eb1e9c067b58d47b8749be97d9e94c1e3d67cdf541784148cd80a04b1","sha512":"299e3512dea806608762fd9bf97a96fe6d0d36391bce60eae9cc1449deea726b09b71d6d4e73b5544736849cb70a935e1d853a7a064286a48b9f2dfff0761599","ssdeep":"","tlshash":"f680044d17f00d4d457c0d4c7344114470d4f44f10101c445014171570750315005043","size":37,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-06T11:55:01.496646Z","times_seen":16060,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b9299126c783a078276f8ff17d4fc810","sha1":"fc2a2bdad7ce4e4fbfe830d961cca32886a3e256","sha256":"adee38c342b1f4f137b39d6e2d1623d86a0e72affff3fa5aff51a0b3ceba32b2","sha512":"87db6af7c7661b95b47effff0758fe23a1d5a014c8bc6ad96fa47e7db18f7da998b9d9d375e1a095e602d0916416493da51503cd2aec5407323cba515b520961","ssdeep":"","tlshash":"a2c02bfdc200f3940013cc01287cd64293118e11344d0c1733d03424025d8114c96bdd","size":139,"data":"","first_seen":"2025-12-04T02:48:57.392097Z","last_seen":"2025-12-04T02:48:57.392097Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9aa3dc35f8ba994aa0f04a42c4da5062","sha1":"a65df79b7b70e8b8d22a2db929f6598428a827e0","sha256":"89e4c05e12e12f5bdf85a4fb89bad572dd85256091add09fdb9c6e42e703e2bb","sha512":"72ec1d5aaa34463f798b2d2c5976a6221f70e51ea2afff582319f4c8b7e31f4a67ef2a2d39427b4d1cc8
9ca66c4d4374db662c1137380ce0aad2acfcdbed4d6c","ssdeep":"","tlshash":"ec7000080000a0308808a002882ca3803c20a820b022a008080823080000a020008e0e","size":24,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.46926Z","times_seen":23254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"79e362235e366729632e60d6d35f8904","sha1":"69df1a1691b05442e11e2bc5825fc6297b977a92","sha256":"da82a56eb8524f5d12a2afcf2c5d0cb6184f26995167212a0ccb3bc2ba0def36","sha512":"94ca14ccb12238f547249a07134689257dd97639be34d7f466f52741df7176be982d88c5d294dd42a534a32d908533b5eaae33a13cb47ce0cf065d3098d9383d","ssdeep":"","tlshash":"fe60000000000c30000303000c30c3cc3c3f000030033030030c00000c00c003300c00","size":15,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T14:02:47.114434Z","times_seen":23603,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"476b43130f4da0758e51a26ea93e733d","sha1":"5eac9c53e9cc1410e58f6f0bdc85528acab30736","sha256":"b19d05a8d492320ab4db4d74ea0e9e90374bed47a18e805f8018ebb00af0c23c","sha512":"d7b6af5bbc8185dfa58fccd8be30e14c79aed4aba53d8824cc066465690837c5f2d173bc3bb78eda33f9ae91ac0434fbb63d4d4c906e1874cc614ecf72ac4291","ssdeep":"","tlshash":"547000088202202a003828028282a220223ca82080028020000a020228002032ba08c8","size":22,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.474522Z","times_seen":22786,"alerts":{"ids":null,"analyzer":null,"urlquer
y":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"879c12264b74d969b0314e9a9cd1f17d","sha1":"714a5d759f4d1b7d41f8c5526451aef114b33d41","sha256":"28be88d787b6e773eaf5d0818a6c62446ce628dd8ec0659c6f78410588838337","sha512":"3547b27de7764e655bc8749fd5c1166599da57d2a76057e66923476fda692917a9e537a934374c77f361359b9fe94d739bc037044bbcf2648feb43f7ff9f1c7f","ssdeep":"","tlshash":"f7700008e0a03032203a020a228222202a0c2020800000a0080a328028882832380880","size":22,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.498638Z","times_seen":21975,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"bdc6234a33432c503640ad2f62105dbf","sha1":"2e733c2d4f1953a7ca2231208e8e31edc399ab19","sha256":"61e43d202b6cd0ebf29ac8014115fcb890eb5593c4160b9ae285206ca911bce6","sha512":"ff6da6a9cfa04e9c0e4c8c038b70ff6461de31cf3020ffa062fb50d6507ffb72d431652f7a8eaf7fab316b387a16a0ba5923cb568450f6e5a3eb7c232a3793b6","ssdeep":"","tlshash":"bd70008e020000a0cab220a80a022300b0202c0008022200a0a00008202ee038288080","size":21,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-04-19T14:02:47.140497Z","times_seen":20579,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"c809887dc5
1fb5a7e73a3a98c3dd661c","sha1":"7d7574d4dcf1e06e2230379897c5df681ba603de","sha256":"1138f8c1bb11f4a5f7d8354b8c8a642ef94c9c741d76a7f476bac6473b7de085","sha512":"3a5e6abed1f1fa40c5d7d13b98d4e90d180f5913a673f10db23f40b1fe68a70de8e780c2633bb6f37745ce4aaf81707844817fa84baaa2b764a322831c298e7a","ssdeep":"","tlshash":"9b8000f00283008b08308f03230b3300b030200c30c032cf3038003c3002383bc030c0","size":32,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.510411Z","times_seen":17900,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"8cc75b255458a4b1c976acceb32941d3","sha1":"f82a72b51a45b9480f1f2d5631447b886268bd18","sha256":"1d894854a8b3ee0427545662d920489541db898fb8153c2ff5d806d246bb20b7","sha512":"907ccfdb97ed74c0b02e5fabc55bf314191301b389bee2f3f73b105670853303c2c30bcb0864888b98f6097c838cc4906a77f21f1573c3d1984637b7e27c32c0","ssdeep":"","tlshash":"b141f9bd6f9b1c9360330a3342e2627d5f69928886c3d196387eabc21b14865432686c","size":2012,"data":"","first_seen":"2025-12-04T02:48:57.429369Z","last_seen":"2025-12-04T02:48:57.429369Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.displayvertising.com/ExiR/oa/sjquery.json.min.js","fqdn":"www.displayvertising.com","domain":"displayvertising.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp 
Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"c7fcf6d6cd279a65310c2f69dd5b251c","sha1":"edbe0bee583f105dc3420350d49cdc7248981aa6","sha256":"0e5bd714c019c8610e04a0e0e65b8dbcba3949a646d963918d723dfd25fb3371","sha512":"6e1c68f3ea4639b10f45a6b362fcc7cb6354bdd88c2b13b98f045b0701b7f30cfcde5f5bea2b9a8d976ec76ac11f03ad66567eaefd4b4276bd22dcf661f7bd9a","ssdeep":"768:bt9rqAYKKqZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCSZCntlqoMA:bbhZzFQ9JsTgZvfzmMzhYrTscpRZ+","tlshash":"88132aaab286282601e741b9513eb317b23305167812d458fcb9cdf96e3dd86127b7fc","size":41949,"data":"","first_seen":"2025-12-04T02:48:57.330168Z","last_seen":"2025-12-04T02:48:57.330168Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"022a3fa77566ef29a4b6d9b9578e1099","sha1":"9d72fe59cfce7837fb4025274af80311d2146b42","sha256":"838e59341208d9c01e58413e64590692ced5f234d0e00b93754676c945d163ed","sha512":"d796a3aaae02c65e5a251d9d851504a603063a4df15673056b3c9e23d52596a6aefd65c40e27008314059f01d6c8e17d3520fd24cd743e40c0a6713c73fe7e7e","ssdeep":"96:tV9ljcEZ+oz3+flpKdH70JiYYn3Ly3c9MKdH70JiYYn3Lyn4V41mD8+oCfMEDaH:tV9ljNz6PKdH70JiJ7GcSKdH70JiJ7jS","tlshash":"93b13ab4dfb704adb90a30bd748a25099f60401f1902d582b84ed1c4df8a79636aedc4","size":5349,"data":"","first_seen":"2025-12-04T02:48:57.431105Z","last_seen":"2025-12-04T02:48:57.431105Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6b102c6276b7427fbd9d840a55b1f810","sha1":"c14fc4188ad50b146212b5c3efd5556c39c0c3bc","sha256":"af18ee7d06fe2ee2da28af260ea0c78923664ecbc220f3ce395c50b1822dab7a","sha512":"1ac3bd21fa66c0d0ae098bdf685df1141991add11f94d75273b228120c70c667870c15274e7070d6133c88833ca8cda86b11d90048982707bde8fd5c22ceca39","ssdeep":"","tlshash":"78900405c335474d1574010477555d031400130440154d15301c101135454c3004175f","size":41,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.505739Z","times_seen":16624,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"7a837a4ba8ea13b8193945adf0261e19","sha1":"61428cd720ebc0f01c4c017204c313193c22c101","sha256":"28d9693460ce57dd4e01742e50a1baa10cbed3f
a6c20c2a69f02424f80fb9a2e","sha512":"abe0e46d98027527a7d2567c4feaece7ad3c1ec94eed8fea59b9eec596cdd4fa39e7776e9dbc4dd6fe777d9b09300d45ba2a49fc9479e0acbdea92ebf5ef940f","ssdeep":"","tlshash":"516000000003c03300300300030f33000030003000030000000c00303003c03c0030c3","size":14,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T14:02:47.113194Z","times_seen":23252,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/jetpack-stats-js-before","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f42f3d29e32984b867a6ddafc5fc9ad0","sha1":"569cb7396170f5b4ac082d0cb647415069b65a72","sha256":"05a68bb97df88791d66f539e5439985e37e1eefbf8ce94929e9750753d23559e","sha512":"269ca8b008e59c0ffac1e3f4fd33fe21aefe72d7042d733128a2d8198015ccc48e034c3394ff444538b094a4acc13d8025a308ffc633afa66c608b41d64541c9","ssdeep":"","tlshash":"e5217225cb98cc6cd2a00ebc347e8c2388d4101ac03a0c55aa0ef828aa7d0b288c3280","size":1150,"data":"","first_seen":"2025-12-04T02:48:57.437222Z","last_seen":"2025-12-04T02:48:57.437222Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ea469784027612dad0cff8c054e1376","sha1":"0ba2d0db2ab4cf8baf3c71d3bf0549647da4aa4d","sha256":"ac074ef53fa7ab522018bac6394ff9aacec209304e0b88405d89859d7f4fcc53","sha512":"7c4f008521e3be598436ca73ccc11d752d5c728c54a2de519f9f555c8b71e0d5bdadd60ae7662362096b3ce92277795c02ca97cac04073ee6736d17d4c1a67fb","ssdeep":"","tlshash":"6bc02bd88004f24701d1cc2d2cecd54083118f00341f001739d114230380505c5d335c","size":140,"data":"",
"first_seen":"2024-09-28T07:18:21.550481Z","last_seen":"2025-12-04T02:48:57.420401Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"df0f0e3e7f31f2501d7e19833ccb4ddc","sha1":"e551bfcbdd3a7c41875f1a974ad1914604b5969f","sha256":"511e9d231c9360fcb7670f7cbaffb35bf8180f124fc080ebbfa5962d4c8bb089","sha512":"57497c56a50a2a0ed0cd9862fdaf381fbf969bd3048dff24dee46f2dc10139cccfcc4b275d7d74cd3d8f036ada1eabe54d05c4773e80ba797748aeff6c855898","ssdeep":"","tlshash":"b98000f8002300c302300f032b0b3302b033000c3accb0ebba3080303802303f8020c0","size":33,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.512729Z","times_seen":18132,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/assets/js/skip-link-focus-fix.js?ver=1.0.0","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"75abd4cd8807b312f9f7faeb77ee774b","sha1":"e7b7a7ed06d0123ab8667a1d1eeb23de9f2bece7","sha256":"ca424c0181141900220a19f998ffa7660380bc99ab99557ad458a083251f7034","sha512":"c9f1f752994f1361555680ca5a60339fda152587ccc055db20148c086d82846887dd0801187aa033829b7d5eb9644b9391f493965eee35b4a1592f82cbb36aa4","ssdeep":"","tlshash":"bb01cbb6b30d44b604aa32178d5f61cd297d91e3a829649b8cc909502924c6d23befb8","size":683,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-20T11:21:39.820869Z","times_seen":10951,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdo
minicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e54e7bec647560e00286eb530d8d007d","sha1":"c8aea76ba8dffc9e7493784cc60395d609785d57","sha256":"3738d56507581da135ab28dbc4738727720f152918a90829dcbaa0d3b12831b9","sha512":"72a71046f982614210de63bd4bf9564aa21d20e7ee0e09281c3e3c2147cd318eccb0b35ac3d90f007fbe281fca540723cae6a9c17e980c72fef9480fa19f87ac","ssdeep":"","tlshash":"9f90026e0562841516e2240c5d2d9e6860590013cc46a5c97a8c82a48b141945016506","size":55,"data":"","first_seen":"2024-09-28T07:18:21.580225Z","last_seen":"2025-12-04T02:48:57.439831Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f837fef4f10b7a855291bc8c75cd0f8e","sha1":"8a868d1ecd074e9f1cb99a17693c318c9dc693f6","sha256":"df1fce49aa43537fa49978d52916f0efc5e81be4926a4e20cda04f1bfdb7ff8a","sha512":"9c7c0558ebae3ceb15b42a3dd059a7dd22d6b69d44ffbfd613778681fa98fc61d3dd088f9b27d9b375548ca18a9a2701bfedab71de13d94568f130eba9c9ad4e","ssdeep":"","tlshash":"54e07d214a835fc322a3aac0501c076369b95121d0948d19679cc0800aa5903f6d411e","size":304,"data":"","first_seen":"2025-12-04T02:48:57.441807Z","last_seen":"2025-12-04T02:48:57.441807Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"be6b25353280fac3960e70c9dcb6804f","sha1":"46c69609a3bb697e60644
b18dc85d780c44804ea","sha256":"38be2b1c1c886666cd4ac85d71bb8b65e51d95c7c5f40b0c575f7d196a0442cd","sha512":"cfb553df29882616e097d28e643208df6aae0e005e63b7e7d9310a731135e9e33407ec268f12699208db7dd4fe2e8ba8a49de900e8b0a1a4bd83bd522f2ee953","ssdeep":"","tlshash":"10700008e08020a308380002028223222a0c282080822020002b0280288228baa88a80","size":24,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.509203Z","times_seen":22176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"d5757abfc2dfe2efd4bb1409941cf087","sha1":"a3eb249ef753951d22faa61f87302479aff27023","sha256":"bc9c06f981e7daa0478c449324d4010cdbc3c83c9a95879b99a0b531f5cabb87","sha512":"a21d0aae842d3e854147d43d706f8a72afeb8a045e8c020c6a3f0e61a0c91066b86163539ba9a2827f0a61d53b120a90b5c1ba65875e334a87ceca32b06c0117","ssdeep":"","tlshash":"188000ae80a800202230282a020222a02203e002c882008000ab0300208002b0280c80","size":27,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.51193Z","times_seen":19592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"a97ae6bd4dc972c26de801f868a79d5c","sha1":"cf1a46aa575a9718f8d4154813a7892317e7f8bf","sha256":"51c1083130407a8772738aa2380eb5a583240a47d98f2204b124c06fd11aabd5","sha512":"f16b7e511db0f35f83e9380c46a6173de1ca6aebbcf4aec1be6efd8d0cb669fc9a07c4e7702149f0421425109c35a9cd041347677ccaed445c978296502e78a8","ssdeep":"","tlshash":"51600003030c0000c00000030c003000fc333c0c3c0
c30000c0030000000f033cccf3c","size":17,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T14:02:47.115159Z","times_seen":20811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"902c460afdd3e381e561395b818a5dbf","sha1":"91008cfe46804ec773a2e4f72302086a0a41366b","sha256":"64e360e85164e7675724c7fe1ed681b25a138c51d437bac5ff97e8910ccf2aa7","sha512":"f1cdaa252c9faeb7cafc830b5d755b186e10d090b7b2482e66ff0cba147c8ba570a1751dec8f3cbc4a59e654025753813aa3910f3c0c9ea2a673bec65e485416","ssdeep":"","tlshash":"5670002002002820802e20022202a3002000020008000000820800082220203280828a","size":18,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T14:02:47.136108Z","times_seen":17706,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202549.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","size":3812,"data":"","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-20T14:08:30.296555Z","times_seen":49183,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"41310478a380eaf7e07dbad9b4f81a97","sha1":"1714b6ef86e90b5b23e2aaa1e7728ed9c59f4d34","sha256":"848e5342d9196c0f64861ab926a3c5aecce9294750febbd22e5d8df859bdb144","sha512":"7b93f330547524ce01b8f888a8d56c19cd4432fbee43db16aab33fc1aecd77243762c5e7dd5ce767e38c0fdf9d58bc629caf106d77689c1ef90ebeb09406580e","ssdeep":"","tlshash":"d37000000000000b203c00020a023a003003003000880800820808302ae800b802c0a0","size":23,"data":"","first_seen":"2024-02-12T20:00:21Z","last_seen":"2026-03-06T11:55:01.500018Z","times_seen":19951,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"aff4911aae12241b7709effded4af0dc","sha1":"86a68b9926821e374cdd34cc9d0ec5d8c9f2c870","sha256":"c66fd00bf884bbcc3f43284fb1c86bcea447ce653124ca7b7202d0e5fd30ae08","sha512":"5c3a88f2ccff8de35abb443fb5fb5e12f
a49467d1b81ab5ca0747f65b2dd8e042a9ed6c6f8ddb1865feb09acc7c49a6b097fb843e5aaf8b731b235b2277734d6","ssdeep":"","tlshash":"278000c3800008e802e20a03ce03322020a380ae8022a800020088b02208b0f8b332c8","size":27,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-03-05T11:10:16.790605Z","times_seen":14639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"be47bb36df0dd0ee20f011451a924533","sha1":"fdc5c7e734a573fa50ff848d0efb1019a7e66d91","sha256":"508a4f2f05a85a2d6a3d23a64ca01852c79dcf04cd7b75e3a77c75c8c6c64dfe","sha512":"53236a7be569bdc033de582e3cd162244a47d6105a834791690df3e4503974e48edeb5f74d835d043a1854edb2dbc76443c02e458b336bc9b2d744bd5de6d633","ssdeep":"96:fpJozowy6qIckxzDrS6ecqU9ok+2xlp8f6QEMHzzq1mDeCfMEDaH:0zoCqIckxPmoKAx+9TC+eCkCaH","tlshash":"d1a12d7a1ec748bd2423406f63b7526a2f31510b9a42df00355cf7c26f20da04e6a9ed","size":4808,"data":"","first_seen":"2025-12-04T02:48:57.448674Z","last_seen":"2025-12-04T02:48:57.448674Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/8f6edd1e8ad7befc4a63b2a2e89e457d/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e61a3ba52868b71885d3c55a9ce7b60","sha1":"7275880f22b2aeea22fdfa7c0b4c9595ad78cd91","sha256":"5e6f8d70e1b7b4ab9fbe9dff585618a7cd5adbc77f32d9b227092659a8046b75","sha512":"2471f762253d74d27a33254b559c65761698c752e61cecf722635691a754b170eb1c62ed75695803251fde39b80c2d4e67dd179da971103cfd404c5a3c6fbca4","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qnyXy:CkurY7JfhAl9n5","tlshash":"9e23d8887f90f75457967073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","size":46640,"data":"","first_seen":"2025-12-04T02:48:57.339672Z","last_seen":"2025-12-04T02:48:57.339672Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"adsco.re/p","fqdn":"adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"POST /p HTTP/1.1\r\nHost: adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 7554\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAS-P-1: OK lon123\r\nAS-P-2: OK\r\nAS-P-3: OK\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: no-transform\r\nAccept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR\r\nAccess-Control-Allow-Origin: https://xxxdominicano.com\r\nAccess-Control-Allow-Credentials: 
true\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1212,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with very long lines (1212), with no line terminators","md5":"58ca3ad28e2a0d48096f2e402c08ae6e","sha1":"ced733506ed98df3e3e40939988d893176ea6557","sha256":"b9bc0d883a2a558afb655e83538c80102600560382b88b84e6b60c206a484a58","sha512":"fa06e0be887f6a6ea470e020511ca19b011d1ea1dad0a56fe68c262983a6be542de739bebc9321a31e05784103bbfe4caa45989a80b0918ddbab7eea9b8ffc13","ssdeep":"","tlshash":"cc21e7e2b9c22ae761c3a5fbb766e07c4e31640e3c87a8c20655c8623330f288796090","first_seen":"2025-12-04T02:48:57.321982Z","last_seen":"2025-12-04T02:48:57.321982Z","times_seen":1,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":84,"dns":1,"connect":26,"send":0,"wait":76,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto%3A400%2C700\u0026ver=1.5.0","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 
GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Roboto%3A400%2C700\u0026ver=1.5.0 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 04 Dec 2025 02:48:24 GMT\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10774,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"e7cb2d867b9e05f4af9720d19cbb5b2c","sha1":"b7ea4479ffbcfe28bb2e7050de141633d50668a9","sha256":"ca3ae8c189a16cda4e543ffa4da61384d726aeffa701ad4778cad607b8f76462","sha512":"b498a441ced0d5f18193d38d0af1e683dfcc032e69f6787aef1d188108d78065df640795465bbf7de9e7b82c41d62220b0f93597b5af4d47d2fa86f0b8d4317f","ssdeep":"192:cNKfsNKNNKKNKfWNK/q5NKDbqGIwV4DNKlNKuyNKoNKf1NKENKPNKfLNK/qgNKDD:qKfaKDKwKkKyfK/qY45KLKrKmKf7KCKe","tlshash":"78220fa1041b500057834ce223cebf30fe1f52507142d0b5abfdab6badcbc66526936d","first_seen":"2025-11-19T00:20:37.722165Z","last_seen":"2026-02-19T22:27:05.661867Z","times_seen":1395,"resource_available":false,"data":null}},"time_used":486,"timings":{"blocked":211,"dns":0,"connect":21,"send":0,"wait":31,"receive":0,"ssl":217},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; 
Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 28 Aug 2023 17:14:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64ecd5ef-15601\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360950\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m%2F07cUkuhTf4%2FVGe9OsfRj65y9pL3%2FT1XmZGH%2BNzqqanL9MkB4Aj4vdALtAiXw3ezQneQ80hQC%2BgnFHRmFRy%2FB3meNgGOF4DZn3tAkRXMA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dda587131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-20T14:00:50.305232Z","times_seen":729242,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"css.xcss.me/js/pub.min.js","fqdn":"css.xcss.me","domain":"xcss.me","tld":"me"},"ip":{"addr":"67.212.184.148","port":443,"asn":32475,"as":"SINGLEHOP-LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"css.xcss.me","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 11 Nov 2025 04:15:12 GMT","end":"Mon, 09 Feb 2026 04:15:11 
GMT"},"fingerprint":{"sha1":"BC:7F:67:13:89:02:47:F9:DE:B4:1C:DB:83:1D:EB:D1:F9:AF:47:95","sha256":"3C:32:98:B7:BC:EB:9E:EA:B6:AE:E5:F4:6C:6F:2F:19:1A:DB:FE:88:CC:B0:70:14:8C:BC:4B:FC:F7:27:DB:63"}}},"request":{"raw":"GET /js/pub.min.js HTTP/1.1\r\nHost: css.xcss.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1482\r\nlast-modified: Fri, 11 Aug 2023 10:37:03 GMT\r\nvary: Accept-Encoding\r\netag: \"64d60f4f-5ca\"\r\ncontent-encoding: gzip\r\nexpires: Fri, 05 Dec 2025 02:48:24 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nalt-svc: h3=\":443\"; ma=604800; persist=1\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2753,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(2752)","md5":"842d4889c73f6664245d70112389026a","sha1":"3f5d934289e1acfebce633760640881a81ac8299","sha256":"99f43e50f4179af4ebf4c93668866d5a5607914fa0a5daa087354c3159d3fa03","sha512":"06183fcfa4fae4e82e8805417d75b6de162666c636c3c78c1200bd960d1efbbbe34c0ef132851e71e9bc8d53df243685e175093f1dbc03a5d5dedd6b794b6a21","ssdeep":"","tlshash":"2b51d8dbf64019235347d0dae5af899a027780173c0304e5c673e1b148ea87ec71b688","first_seen":"2023-03-07T14:14:23Z","last_seen":"2026-04-19T15:39:40.803284Z","times_seen":1008,"resource_available":true,"data":null}},"time_used":586,"timings":{"blocked":224,"dns":23,"connect":109,"send":0,"wait":108,"receive":0,"ssl":117},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"css.xcss.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"css.xcss.me","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Rosa-Mateo-Video-Porno-Filtrado.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Rosa-Mateo-Video-Porno-Filtrado.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce84d-46a9\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 
GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 95612\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cz9bC4QT2VuW%2FYPbT%2FFVdV5SGfECSI6WFvwTL07zTDsjMxr%2B%2BFmz3nh%2BMeZPpMNHMqccDmHpNdvB9JdkWLyhpQma7BW6gH2KV%2BSat5Zleg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0e0a747131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18089,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x220, components 
3","md5":"0bbd9c4f597a10f9bad19db4bbbd1f44","sha1":"772fdb9be24709aa9974e6b4771590570b41e0e3","sha256":"f414c06e11851672b3c0b987694425c07d456446bd23ab3a8058b589276e667e","sha512":"51ab797b8c89179125be370c74ea509434ac10d35503c935c226807d264f96cffcc111728cf416dfb92ee05490d2ecb2cc1a571e78c690c526fcd458af922af5","ssdeep":"384:XlGyRm+yqMzj/Pj5KNdSBHgeQODJMHRxNeX3vwxYNLi++eCT2iU5:UyRVxMzn5/9ZDJM/NkfxNibeg2iU5","tlshash":"a782d112f5289404ea0f8f5754449375b3884e9576d8cff6be89b07063f618f56e16c3","first_seen":"2025-12-04T02:48:57.325349Z","last_seen":"2025-12-04T02:48:57.325349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/52/3b/eb/523beb7e5e7b4667b53c4d050c3ebe93.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 
GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /52/3b/eb/523beb7e5e7b4667b53c4d050c3ebe93.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31458\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0f4c8e32c7ed29f0f89c763cccd76f3e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81858,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8a70be608264de14e8df960c8852f4a6","sha1":"098c66382e201bf563e88e376e45d42c79f119b4","sha256":"f835a681768492c84afde5205d9b05582dfe9e1684a24641ff3c6d5c50c112c5","sha512":"76987009d22c96ecddbfc673409543959a4d9ca21b2973f220005c36436b32385e20e92c6ca522e5ba2dfa68dc9434c901b1e93960a561f66113094191db72af","ssdeep":"1536:h3Zs5j4xaqmOxXUZ0ob3meMv6IqyiB+9be5:h3Acx//xXUofv6fOG","tlshash":"9283c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","first_seen":"2025-12-04T02:48:57.326582Z","last_seen":"2025-12-04T02:48:57.326582Z","times_seen":1,"resource_available":true,"data":null}},"time_used":751,"timings":{"blocked":280,"dns":0,"connect":91,"send":0,"wait":96,"receive":94,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat 
Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Video-Porno-De-yandrepr.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Video-Porno-De-yandrepr.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce854-2d42b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 95615\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IBJQoSahqsili%2BllLVMMpHgqWOL6TKF64wYkA%2Bf9XTdbwrxlGPhC29ApYlqmn%2BbQbRV8q%2ByFLyXcXH295rvySJKKUMp2rExTfMvNeUZDIQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa707131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":185387,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 220, 8-bit/color RGB, 
non-interlaced","md5":"acece6f794e828d79be5225b4a102e65","sha1":"399466cbe8ca4f5fc83734aaa2f422b23dfcb5cd","sha256":"a4508556ee501b0be45a7765af55c3bc4180c4a14f4f221320dfb4c7dc0bbddd","sha512":"bd650d88f6755333b7833ddb2712bf061682d88fff8474c4107afe15ecb8d0935aaf52f8ca5c1da28aa511d39864c6fa4df12753cdf050dbd1a060e6023019e6","ssdeep":"3072:ZL4emHrp4lXUOOWFIH8gARDpAUDaW8OOgFF2WiuRgwHhkxlVs5fRk1PjPJq5wxKO:GeUKXUODFFgQZ/HiuRgomVga1Lxq5bO","tlshash":"06042358b1684fe271d3f9906890c9d53c262cce94b657b32c5866aba37b0bf42607f4","first_seen":"2025-12-04T02:48:57.327742Z","last_seen":"2025-12-04T02:48:57.327742Z","times_seen":1,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":103,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Jason-Carrera-and-May-Thai-Porn-Video.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Jason-Carrera-and-May-Thai-Porn-Video.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce869-270cc\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oZKdJrep2F7sWKjaD5URAx9nB088xb0xvQ0OtrexpL7XsDTulZLslDnTh5c7YVFRQqRHz%2F7xexJAyWBgYHPyaPW22kYMNDSFaKX1IJULsA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea677131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159948,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 372 x 220, 8-bit/color RGB, non-interlaced","md5":"5af7226ca1bd1f129cb59859760abde0","sha1":"44c0a31e4b070301fc9499eb7d3ecb3c146fcf7c","sha256":"68984b847fcb78f5448bc206b5247018cb905d195b4cda1fabdee4b24f441692","sha512":"0cee66bb5f94dbce497ac4d6ed331b28abe92f8f21b246fd7f399957496e5ee62c71dc9ec0289c272422004ae3438bebe76aa8de5df7871035d03720717ecb41","ssdeep":"3072:ZtGzQ/GKGkAcbWo2yXwTgj84yFmKie9ZjyC4AA1bHWXUbYA2ATM97Gru6:iSGfxTyXcoPGzAt2XUbYlAC7Grr","tlshash":"cef3123b648d6c51e3edb012f17de0d7823b76a14d4a9096cb459b341d5883b8f0afe6","first_seen":"2025-12-04T02:48:57.329059Z","last_seen":"2025-12-04T02:48:57.329059Z","times_seen":1,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.displayvertising.com/ExiR/oa/sjquery.json.min.js","fqdn":"www.displayvertising.com","domain":"displayvertising.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp 
Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1503693843.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 12 Nov 2025 14:38:09 GMT","end":"Tue, 10 Feb 2026 14:38:08 GMT"},"fingerprint":{"sha1":"A7:3D:55:99:7C:90:CE:FA:29:AC:B8:D2:B7:C6:4E:3A:4D:CB:6F:AD","sha256":"3B:DD:7E:05:76:48:ED:11:E7:BC:5B:DC:BF:DC:32:D5:06:F9:E1:AE:5E:3A:A0:56:AF:12:92:B9:83:39:13:F1"}}},"request":{"raw":"GET /ExiR/oa/sjquery.json.min.js HTTP/1.1\r\nHost: www.displayvertising.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:25 GMT\r\ncontent-type: application/x-javascript\r\npopads-node: wb8\r\nexpires: Sun, 07 Dec 2025 01:10:12 GMT\r\naccess-control-allow-origin: https://xxxdominicano.com\r\nlink: \u003chttps://displayvertising.com/\u003e;rel=preconnect\r\ncache-control: public, max-age=604800\r\nx-77-nzt: EwgBX63NDQFBDAG5TAoJAde1UAUADAElE8IxAbdQDAAA\r\nx-77-nzt-ray: 2a494a15e578c9649ef630696ff2140e\r\nx-77-cache: HIT\r\nx-77-age: 348341\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":41949,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1568)","md5":"c7fcf6d6cd279a65310c2f69dd5b251c","sha1":"edbe0bee583f105dc3420350d49cdc7248981aa6","sha256":"0e5bd714c019c8610e04a0e0e65b8dbcba3949a646d963918d723dfd25fb3371","sha512":"6e1c68f3ea4639b10f45a6b362fcc7cb6354bdd88c2b13b98f045b0701b7f30cfcde5f5bea2b9a8d976ec76ac11f03ad66567eaefd4b4276bd22dcf661f7bd9a","ssdeep":"768:bt9rqAYKKqZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCSZCntlqoMA:bbhZzFQ9JsTgZvfzmMzhYrTscpRZ+","tlshash":"88132aaab286282601e741b9513eb317b23305167812d458fcb9cdf96e3dd86127b7fc","first_seen":"2025-12-04T02:48:57.330168Z","last_seen":"2025-12-04T02:48:57.330168Z","times_seen":1,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":54,"dns":20,"connect":9,"send":0,"wait":27,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"www.displayvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1RTPWwcxR-ddfJP85f4CqI-JApA-DyzM_tFCoQJgQiTmCQoBUU0X2sP3ttZdnZvL9cQYYFCZ4km5d7vzrGACBEh0SFF5zQQAcpRuYgbGvpIqSjQ2ZYMv-L3se8V763efDGq9xGFmu-tvm-HJsv4UtDFnZevmlzZxnUuXOkQ3MVnOldNHrIzncG8lf3XCWVd_ErnHS037JKPCcYEk845U-rUDpYOUDDFnYR0E9xlfpcEDAblf29Xe-C4B6q_j54Do2ZP_5l-BEZOIe99f1a7jcoWr73dqzNe2RL6aufDfCO3TQ694zUtPUjznSM2WDdD6NYC2HznyAHY_mTuAISZoYUXHoHId45kguhvHyoVGegchPo_NP0p6GwXDJ-CtJtg1EMEIBVcuAh57_YFWzb8-iHK5-gMnXzyGEwzQycfPQ9577vlzAw6l21WV8bmDgZpC2YwBbM2haLehWrogWl2QVafgVG_oaUnK5D3JhddZsGovZeSkEoVqXCRxVQvMhmIxZhSsUgUYSkVCdPYP_hFJp0CdwtQOw9q40GdelAXHvTUXofhmEnCaZgmSkaYccaUFjiJfYx5IiOo5Vz7FlTFFshsC2T5-U6h1quNfjCpylpv17l0wYjcqa8Vme9jGodhMCK3DzkHlMmcMiJQlDdgw3z1sP_7DKH7116Esr4Hbn3vRxqmMg1TRZkWXIUUE0J5EmtJpOQy9qlSgZZSJ5hiFutQBFzFKsJEM0WSKCGJDLUUzE8l9hOSqkhooVItRapDGsmUiYgorYTCmPAAJ2lCQk1TzpjQNNI8EUQRTlhIowQrjGMay5hFIVeUsSCIpYhSTJMw9OOARziWRJAEnDoBrpoh74NPoa9aaDSCxiFoOILGIGgqBE2_3VaZ8117W2WuFuRo-keTtmNbrY34tq3WdI6Al1tQqnZiik_cJsjqxHiYOjW288ZF1Y65UO2o2EfPzhPlrb77JWzovU6chlopomM-955KxkMqfO7rONEsiBQ404JxC8CdB0MzQ-zWD1CYGTr1868g-C64bBekeQZ4_T_gzZhiDHx97AcYhvndwWCgbM_kRvLcdqXtgbItFNVJqK57o2wfnR5furJ87yDjK5t_g5YP0FGBLFsoyhY-NvcRrGU3x5dsgyaXbOPQ3YtFZXpmyOf5v1zxSp_65j19vbGlOn_WbX39ppwD8_XOFe2qFZ4rk6859O2yUUqX52wpNfrpvLuqxWrt1pfrMq-LldW3zp3vFaV2zth8Ctw81L-ANDP01OPTBy_71e2_QBY3wBXHKp1FIAoEmUGQ6ePvXLTg_nWL433kbsJa6QGvNiHvtdAvW-hnLfBsC1x9YlwV5YM3_qAHBSLzxiIr0URk5Rw3e52Ual9iHEchoXGqCWVKpkHMEhVyTKmGys0MfjL8JwAA___xWAdidwUAAA==","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTPWwcxR-ddfJP85f4CqI-JApA-DyzM_tFCoQJgQiTmCQoBUU0X2sP3ttZdnZvL9cQYYFCZ4km5d7vzrGACBEh0SFF5zQQAcpRuYgbGvpIqSjQ2ZYMv-L3se8V763efDGq9xGFmu-tvm-HJsv4UtDFnZevmlzZxnUuXOkQ3MVnOldNHrIzncG8lf3XCWVd_ErnHS037JKPCcYEk845U-rUDpYOUDDFnYR0E9xlfpcEDAblf29Xe-C4B6q_j54Do2ZP_5l-BEZOIe99f1a7jcoWr73dqzNe2RL6aufDfCO3TQ694zUtPUjznSM2WDdD6NYC2HznyAHY_mTuAISZoYUXHoHId45kguhvHyoVGegchPo_NP0p6GwXDJ-CtJtg1EMEIBVcuAh57_YFWzb8-iHK5-gMnXzyGEwzQycfPQ9577vlzAw6l21WV8bmDgZpC2YwBbM2haLehWrogWl2QVafgVG_oaUnK5D3JhddZsGovZeSkEoVqXCRxVQvMhmIxZhSsUgUYSkVCdPYP_hFJp0CdwtQOw9q40GdelAXHvTUXofhmEnCaZgmSkaYccaUFjiJfYx5IiOo5Vz7FlTFFshsC2T5-U6h1quNfjCpylpv17l0wYjcqa8Vme9jGodhMCK3DzkHlMmcMiJQlDdgw3z1sP_7DKH7116Esr4Hbn3vRxqmMg1TRZkWXIUUE0J5EmtJpOQy9qlSgZZSJ5hiFutQBFzFKsJEM0WSKCGJDLUUzE8l9hOSqkhooVItRapDGsmUiYgorYTCmPAAJ2lCQk1TzpjQNNI8EUQRTlhIowQrjGMay5hFIVeUsSCIpYhSTJMw9OOARziWRJAEnDoBrpoh74NPoa9aaDSCxiFoOILGIGgqBE2_3VaZ8117W2WuFuRo-keTtmNbrY34tq3WdI6Al1tQqnZiik_cJsjqxHiYOjW288ZF1Y65UO2o2EfPzhPlrb77JWzovU6chlopomM-955KxkMqfO7rONEsiBQ404JxC8CdB0MzQ-zWD1CYGTr1868g-C64bBekeQZ4_T_gzZhiDHx97AcYhvndwWCgbM_kRvLcdqXtgbItFNVJqK57o2wfnR5furJ87yDjK5t_g5YP0FGBLFsoyhY-NvcRrGU3x5dsgyaXbOPQ3YtFZXpmyOf5v1
zxSp_65j19vbGlOn_WbX39ppwD8_XOFe2qFZ4rk6859O2yUUqX52wpNfrpvLuqxWrt1pfrMq-LldW3zp3vFaV2zth8Ctw81L-ANDP01OPTBy_71e2_QBY3wBXHKp1FIAoEmUGQ6ePvXLTg_nWL433kbsJa6QGvNiHvtdAvW-hnLfBsC1x9YlwV5YM3_qAHBSLzxiIr0URk5Rw3e52Ual9iHEchoXGqCWVKpkHMEhVyTKmGys0MfjL8JwAA___xWAdidwUAAA== HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyMjAzODY2NSwiayI6IjhmNmVkZDFlOGFkN2JlZmM0YTYzYjJhMmU4OWU0NTdkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNDQ2OTYzLCJwaWQiOjQ0NDg3NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJweDJ6MDl6NiIsImNwa3MiOnsiMjkiOiI1MjNiZWI3ZTVlN2I0NjY3YjUzYzRkMDUwYzNlYmU5MyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly94eHhkb21pbmljYW5vLmNvbS8iLCJ0eiI6MSwiYXIiOltdfX0.pNzYoQxkVbAeCDyC8aKeE1-nCeSPHSD7rCJOChWvoIU; uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl22038665=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:26 
GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 7\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f695db905c97945907d34a19ee080f38\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c25bbdcccaf5609dc56163ceaa994ce5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"resource_available":true,"data":null}},"time_used":164,"timings":{"blocked":58,"dns":1,"connect":17,"send":0,"wait":20,"receive":26,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-04T02:48:22.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlink: \u003chttps://xxxdominicano.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-permitted-cross-domain-policies: master-only\r\nreferrer-policy: same-origin\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CeJuuk7T7hYuvi8b5FCMd91gfkfgqDvtKHS8Bb4nnKnYCjnGI8TApwDZ9bTT7YAnQzngu8Pa%2F%2BRUtqQqaknNqmhIXzU1nxgBC%2B%2BQoEaPJdet\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9a87fc0618dc0883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Yoast SEO:26.5","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other 
platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery Migrate:3.4.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. 
Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":82276,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8832), with CRLF, LF line terminators","md5":"36c8c8a8f0c7374ff481ba35227c6144","sha1":"68d9532f9141b4a4eb27cf75b14987c51f3490c5","sha256":"9ccb5d984b7e1efd0d6d1359616a1769b1246c9c5128abfc507ad81a839008f9","sha512":"50b905c21697d4f984d4c6c008f5393c37b858e16e294d8b33e2d358d9667befa7aae82990005a3ece2da46bb8daf253545595bc8ee81b4adefa87a24c64b4ff","ssdeep":"1536:LCWMwypvvZ2VwW5A0AgAp2tAvtB3hwCu/ALkqwNIHeOhnrvwkuIUG:dMxN1hnrokuG","tlshash":"e983c7b5939e0573331b82db5d803718a9d7ca35ce038de6b2ff219883d1dd2b5461aa","first_seen":"2025-12-04T02:48:57.332986Z","last_seen":"2025-12-04T02:48:57.332986Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1082,"timings":{"blocked":22,"dns":4,"connect":1,"send":0,"wait":1038,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Emily-Rinaudo-getting-fucked-in-the-ass-on-Halloween.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_
code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Emily-Rinaudo-getting-fucked-in-the-ass-on-Halloween.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce875-5bfc\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319358\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t7fJPy%2BLxprzEGvykLuCbSZu1orMWdBklObkkNHFWkCvngsF1Klix6%2FLzivDxBrmxtN1%2FskEegNMCeXqLl3VckBR2NeDycAtZVUXqYD0%2FQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea637131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23548,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 376x220, components 
3","md5":"c30e3a371ecce97a0482599598556e3a","sha1":"4cb90e78e3f7f9927fb7fa64c03c34b46f4fa203","sha256":"e96f5cb8ec678f0f68fbf37d655322f77d82bfe0e991ac4e0c9c2c312fc2745f","sha512":"b4d6dc75814c4e24f947d501726f80a897be7fae10c18af8ed788e8a808d3c46a7df2c972a4963a50abf159f2df980ef8a5c1be881576944582785f9bbeab6bb","ssdeep":"384:dZf6AgzrWhZid4QOaheQZfcJEAd6SIB4uk10klcdYa0V7qkln2C4uPJqO8L/D0L:Xf61rWh44iheQZfcjNak1Plpa0tZ0C4C","tlshash":"04b2e1811d512882cadc847cfaab6032dd72eb0a2d3a7754c521f6b46fe34a707082b2","first_seen":"2025-12-04T02:48:57.334324Z","last_seen":"2025-12-04T02:48:57.334324Z","times_seen":1,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202549.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Oct 2025 19:44:58 GMT","end":"Sat, 03 Jan 2026 19:44:57 
GMT"},"fingerprint":{"sha1":"E9:63:7F:0C:6E:C3:A6:C6:27:94:43:17:2D:51:5E:E2:3E:DA:FB:16","sha256":"7A:94:BE:74:03:C4:90:D6:E8:ED:98:EB:0F:DC:60:BE:D8:2A:DF:82:3F:DC:85:70:4F:C1:10:52:E4:F5:75:81"}}},"request":{"raw":"GET /e-202549.js HTTP/1.1\r\nHost: stats.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nx-minify: t\r\nx-minify-cache: hit\r\netag: W/7134-1748959715313.3396\r\na8c-edge-cache: cache\r\ncontent-encoding: br\r\nexpires: Mon, 30 Nov 2026 15:59:46 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nx-nc: HIT arn\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3812), with no line 
terminators","md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-20T14:08:30.296555Z","times_seen":49183,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":10,"connect":8,"send":0,"wait":8,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/watch.1441467147060.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=472b21c28b533812a21c1aa763ee0979fd5384556224023d921aaeeb2973062b99a99bfbe0361f64346f065d2bbe4e32bb953b10275b1ad45de0785519079c31e8137b30cdd4b3a22b31ad1ddf8eb3555b2c78cce384583aefac02\u0026pst=1764816564\u0026rmtc=t","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's 
Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /watch.1441467147060.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=472b21c28b533812a21c1aa763ee0979fd5384556224023d921aaeeb2973062b99a99bfbe0361f64346f065d2bbe4e32bb953b10275b1ad45de0785519079c31e8137b30cdd4b3a22b31ad1ddf8eb3555b2c78cce384583aefac02\u0026pst=1764816564\u0026rmtc=t HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ILzQ5ASexXfPuQImxhEB_q2eeDZt8hwcZa16bM980p8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: text/html\r\nContent-Length: 2586\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; expires=Thu, 11 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nu_pl22039038=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 17\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c3086801e78d59834e3667694d8610c9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs 
browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5272,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (2842), with CRLF, LF line terminators","md5":"8a62da8b7e5d5696bc594af90f080f74","sha1":"0676ac58cec4d161d9a4e4bba9234bd484a2cd06","sha256":"ca5baab20ca42696e9a6d63ac90b181a1a6b81fbbc00244815d0c0ad4c87a132","sha512":"805803e1709ecd24413385c48e43f97d248e61242c60a93887858c7897b78755acd1d1257caff17f059be507fd50b8f04f01071ff01b129485457b880b8c8625","ssdeep":"96:8+9lBOItozjXyo81iRXCrxgebqUdQeq3rOzn9x1iRXCrxgebqUdQeq3rOzz1wDev:h9lBMzjB8AYTLdQeWKHAYTLdQeWI4eCi","tlshash":"8db12c3a4dc1a63944b7249f393a26881972510f9205da09fb8cb650ff6bb7029bccdc","first_seen":"2025-12-04T02:48:57.336381Z","last_seen":"2025-12-04T02:48:57.336381Z","times_seen":1,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: 
*\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 275bac2f7dad4d00b3e35ad501fa539f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line 
terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":41,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.462151049078.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /watch.462151049078.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) 
Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nlocation: https://wayfarerorthodox.com/watch.462151049078.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=36fcf6fd34ebad630113a98ec1ccac823dd5ecce903048e6b5ad8d701e4d197919c6ecb42fc0291fd7bebdfecbfe637cf4b71dedbd001a509f916e3fa44be37ea9b1d1a1463790d00838c8476ad344558cb7f03966285a708c1b19\u0026pst=1764816565\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.pNzYoQxkVbAeCDyC8aKeE1-nCeSPHSD7rCJOChWvoIU; expires=Thu, 04 Dec 2025 02:49:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 35493ddb2c4acd08b6ab438cd39cab1d\r\nCache-Control: 
no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5382,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":552,"timings":{"blocked":274,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tm5r00enbwg8.l4.adsco.re/","fqdn":"tm5r00enbwg8.l4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"185.200.118.62","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.l4.adsco.re","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 09:14:30 GMT","end":"Wed, 11 Feb 2026 09:14:29 GMT"},"fingerprint":{"sha1":"44:4A:2D:C5:7F:AC:E8:4E:70:9B:91:5D:F6:AE:99:5F:66:18:51:46","sha256":"3B:1C:F2:20:1E:BC:6C:00:04:8F:3E:30:B9:AC:DE:26:B1:D4:73:CB:C2:6F:2F:F4:1C:E8:C4:A5:FD:38:8D:68"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tm5r00enbwg8.l4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Fri, 02 Jun 2023 14:03:32 GMT\r\netag: \"6479f6b4-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":110,"dns":57,"connect":23,"send":0,"wait":23,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Mexicana-Transexual-WOLFSEXXX-Video-Porno.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.
com/","date":"2025-12-04T02:48:24.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Mexicana-Transexual-WOLFSEXXX-Video-Porno.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce851-2b3bb\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 250752\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EFoAkGn%2B12XLCE%2BcKlIEytjXqNh%2Fqki5lsrXSefCKFY%2FgHKoVbx%2FLobmN8aFCz%2FH3yPTpynydcDCFYdj4mTv9jJZ%2FeqUYkZuDL7l4Zj4iA%3D%3D\"}]}\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa717131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":177083,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 389 x 220, 8-bit/color RGB, non-interlaced","md5":"497797382058248d2d94f092949895e5","sha1":"bb1fc0e98fde53a013e92a8492651f2133541c38","sha256":"ccfeac2753a9cc35a4e7ed8c0f0334e6522576b0ddf355b85cb12b6c999a05b2","sha512":"0524b6806a21156866b86fa64d526286620b5d393b8ca56e3d840b1d47202c19156d8a429e37997904f1e6e07cedc8c32f0de9bb2d715f873bb86a1c158b579d","ssdeep":"3072:NBemx2H6NhnQjn6/lb+HYWQH+4aijCMd4QIdETsQmvjl/Sf5ZJXYNyBkVCi1e+:77YKlaSH+KeqTXk/qBoNkkV8+","tlshash":"2204120ea8332fbd7eedf00285fe21e3b66521cb41a79ed7d08516b8a8347d6750171a","first_seen":"2025-12-04T02:48:57.338431Z","last_seen":"2025-12-04T02:48:57.338431Z","times_seen":1,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":115,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/8f6edd1e8ad7befc4a63b2a2e89e457d/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-C
OM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"hardexpendstrategy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 21:16:06 GMT","end":"Tue, 24 Feb 2026 21:16:05 GMT"},"fingerprint":{"sha1":"A8:FF:E5:8C:94:D6:8F:80:8D:5A:FD:72:26:C0:BD:D1:2B:18:DF:52","sha256":"A6:5C:D4:ED:34:D5:97:37:07:EC:2D:9B:F4:D4:BB:E0:F1:15:4A:03:37:14:CD:A6:87:7D:89:FB:A5:61:6A:77"}}},"request":{"raw":"GET /8f6edd1e8ad7befc4a63b2a2e89e457d/invoke.js HTTP/1.1\r\nHost: hardexpendstrategy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18353\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: 
hardexpendstrategy.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4e946398174a26562ae5b4b9f62eda4a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46640,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46640), with no line 
terminators","md5":"6e61a3ba52868b71885d3c55a9ce7b60","sha1":"7275880f22b2aeea22fdfa7c0b4c9595ad78cd91","sha256":"5e6f8d70e1b7b4ab9fbe9dff585618a7cd5adbc77f32d9b227092659a8046b75","sha512":"2471f762253d74d27a33254b559c65761698c752e61cecf722635691a754b170eb1c62ed75695803251fde39b80c2d4e67dd179da971103cfd404c5a3c6fbca4","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qnyXy:CkurY7JfhAl9n5","tlshash":"9e23d8887f90f75457967073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","first_seen":"2025-12-04T02:48:57.339672Z","last_seen":"2025-12-04T02:48:57.339672Z","times_seen":1,"resource_available":true,"data":null}},"time_used":735,"timings":{"blocked":245,"dns":24,"connect":93,"send":0,"wait":94,"receive":91,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7044ddb90179bcb382eab7e52247ac79\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6.adsco.re/","fqdn":"6.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.43.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: 
no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 45\r\ncf-ray: 9a87fc1b8d2f56cb-OSL\r\naccess-control-allow-origin: https://xxxdominicano.com\r\ncache-control: private, max-age=10\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-max-age: 2592000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":8,"dns":1,"connect":1,"send":0,"wait":12,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Famous-Mexican-woman-giving-head-inside-the-car.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Famous-Mexican-woman-giving-head-inside-the-car.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce873-253de\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9%2B8145nhciDSyJ2g4jDOHLdF2YLMMyYMP7dQ1OyQeolHZhE1yuJ5sN0Yy%2BcTRpOEyUeZ4RtJl3GhUAQP%2BljyCXqoLr9jKDYm9LcsWGL65g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea647131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":152542,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 370 x 220, 8-bit/color RGB, 
non-interlaced","md5":"df770867fc22442b08c69d6384a29add","sha1":"3720a2f519c40aa2b5035aaf4258eddaca5aa880","sha256":"938cd9b8f3b65178d7b2f39a0955c2537b510cfa0a10eb586061f03485d8b9c1","sha512":"f9648c2534db7daf7be3468a1fb1911270b100600e30379d8c327eb3e7cd0267a736b64e712c4240b4d1f35c0d2b39fec6cfd75e6eed894b77df0a0c792d364a","ssdeep":"3072:R1XVyvmeDZc8mUAAo7MX+mpHPXQwUlx9dLzRh5dCqvUsRKLPnIqa:rXr8BP1XpY9TpzrLDhRqPI5","tlshash":"95e312c78823f08c53de644fd8eada5b791c9e57e08296dd843096cc165c35b6d6e28c","first_seen":"2025-12-04T02:48:57.341486Z","last_seen":"2025-12-04T02:48:57.341486Z","times_seen":1,"resource_available":false,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":581,"receive":415,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Aline-Faria-praticando-sexo-anal-com-seu-escravo-sexual.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Aline-Faria-praticando-sexo-anal-com-seu-escravo-sexual.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce858-5a69\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hDU9VX%2B%2BwD3CEFgAs2GWZ03idqQ4FynXat04bIv4kpZ%2BFraNRqVKnbzPcB0tza2eCS9lvHUKfXTeM4H%2B7IJ1AM2m%2FyZdEqfGToP8UUsk9A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa6e7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23145,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 376x220, components 3","md5":"d777581771e1ad6e6d2383f6b18dd6c6","sha1":"09e4213786ea32b27e6ce4619cb06d2e12b991d5","sha256":"0db0818d75c132e9f71e88b99d2d0043903d21c0470405e45a6be51e81c38453","sha512":"756a7742e51b799a7fac443cca9b0cb8932fe89fa43bcbdccaa16ac4f17d56eba8d9ca3e87506d976c434333c1a484778c47fefcef29e97d250ee1490cf51e90","ssdeep":"384:1tvUjD5dzPHOPKIlAd3yXPLdyMJ+gVUXdMFakdwcSJcUeU/4i7wsurk4sHM/hi1j:LvsDXzHZnd3GL0Y+LXdfcO/7ws1ai1g0","tlshash":"44a2d0ad4b1792e0d88c182c967bba70d584d860a17215373c76633a0fb5b923be53d0","first_seen":"2025-12-04T02:48:57.342598Z","last_seen":"2025-12-04T02:48:57.342598Z","times_seen":1,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/style.css?ver=1.5.0.1763074193","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","proto
col":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/themes/ultimatube/style.css?ver=1.5.0.1763074193 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Nov 2025 22:49:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69166091-14360\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360950\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=shpGvWJOeotiZbxJ4ZF4cXgRxavdf5Jio5wQN%2BsfbZ1a%2BSAxPdQhdTjoyzwbiWZvoF5zqXQst9i59BEQpYjCu9uRptl7GUl8uqrMXh1aZg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dca577131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a 
web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":82784,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"31ddb5b5fd5eed1ef990243d476ed219","sha1":"3545a1ba72f74f9b5edf7795c9d9e02d7731225f","sha256":"db67b6cede4b4caa818bd4142acacd316e3f36a2bd9dc78c1c27dea50431a2c7","sha512":"3d566211d72aefab83fd2439597e2cd78d804fad6d10bc912c82f14b923fb3ca45401aef20633ebe781bb695499beb598a0c198f9181870fd662edb1457953ee","ssdeep":"1536:KhZZnJZnEBDZn+xYp1dZnUN+MUZnc5RltizIZnDiqmDZnd3Zn7hgx9vztVcBlg48:KjZnJZnEpZn+qndZnUNiZnQRltikZnDv","tlshash":"d383a566af141844932bd1a5bfa4eb91d22e4012df0f4eeaf095692cd38e55402bffcd","first_seen":"2025-11-28T12:26:40.492267Z","last_seen":"2026-01-09T22:19:51.322124Z","times_seen":11,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/61fa5642046c4327085e4f22d6209b1b/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"hardexpendstrategy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 21:16:06 GMT","end":"Tue, 24 Feb 2026 21:16:05 GMT"},"fingerprint":{"sha1":"A8:FF:E5:8C:94:D6:8F:80:8D:5A:FD:72:26:C0:BD:D1:2B:18:DF:52","sha256":"A6:5C:D4:ED:34:D5:97:37:07:EC:2D:9B:F4:D4:BB:E0:F1:15:4A:03:37:14:CD:A6:87:7D:89:FB:A5:61:6A:77"}}},"request":{"raw":"GET /61fa5642046c4327085e4f22d6209b1b/invoke.js HTTP/1.1\r\nHost: hardexpendstrategy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18331\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 8\r\nHost: hardexpendstrategy.com\r\nExpires: Thu, 01 
Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7c3453171d48dbb5319a5244276063bd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46627,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46627), with no line 
terminators","md5":"042ff6b8a6550f68520aed189ee44e31","sha1":"95cacb6139b3310e74bf8bd597b173fbdfa78688","sha256":"2bd237db79239ffc166b0d62f945c10d2bfde77644ee895c4c9a703e17baff6c","sha512":"4ea3ac8158ba48297fcd4fdffe7fae5f8075247e1fb8edd34c7dc0304c0650b9a2c7aa23608a1b9b67bd01a35b30b61d2dfb345c32a359af5e59271b068ec10a","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qzyXy:CkurY7JfhAl9z5","tlshash":"6823d9887f90f75457567073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","first_seen":"2025-12-04T02:48:57.344955Z","last_seen":"2025-12-04T02:48:57.344955Z","times_seen":1,"resource_available":true,"data":null}},"time_used":828,"timings":{"blocked":301,"dns":45,"connect":93,"send":0,"wait":102,"receive":92,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Hotsolzinha-uma-transexual-fazendo-um-otimo-sexo-oral.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Hotsolzinha-uma-transexual-fazendo-um-otimo-sexo-oral.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:28 GMT\r\nvary: Accept-Encoding\r\netag: 
W/\"690ce890-56f1\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 50439\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oX5Nc81AV41k6rgRfr115yXIUbqfE3SHpeqrL7cn0OZD6B%2FHn6d5YlaaiM8a1DEtTtmzR7SS3PBWMeGtcv6DPm9g9AD9DuZC0FvWmKzwMQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dda5c7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22257,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 379x220, components 
3","md5":"4ae3ebdb59346ec4628d4c6211228e0f","sha1":"a19dfb53aae15bd1e1e5b1337a5a020974697aeb","sha256":"d3fafebc9df3c4ead899c1a6eef82b495c29ed740df24207b7da2f867eff982e","sha512":"071123530e527124291d3082fec3d2debff497d4bfd76b1cb20521ab35c7a21232d0824252a4881e4611c1b54e01752383500d0972cd5780572245e8d923206d","ssdeep":"384:f8Xk0YTWNfapqUsF+nk30TN9Jc2mfNekQ5pxphy4PxmwNcdh:fgNfapyFeTN9Jc2mV0xptPxmwWL","tlshash":"a0a2d030ae38b913711e66bb1dcd5b31b7c04953f491de8fa85603a69b27b639260c1d","first_seen":"2025-12-04T02:48:57.346393Z","last_seen":"2025-12-04T02:48:57.346393Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/kyleeriches_-porn-video-with-lots-of-intense-lesbians.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/kyleeriches_-porn-video-with-lots-of-intense-lesbians.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce882-635c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360946\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YWYtxbw1NevOYWdiipF6aekqn46I8NnRXmMBNExX7lD%2BFTTz0Ogb6J%2Fe1iEyfRdIwj8GA27Otfh1u%2FrFIw4RDe7fYjMfLMZD%2FReVESxHPw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea617131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25436,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 377x220, components 3","md5":"ac6ac1bd4656a1323dff8737ec9d8943","sha1":"9fc737ac1d125f986bf050b7e4f29be5554a673c","sha256":"7745a387943c1fa1403acf11345ddd588a4c0b73f30486828c8b00833885993c","sha512":"7d8db5ae0d2f89c42c53858aeac135a5405e903dbb323fb58c3a5ce804df06477936c7cf3654c2597fac76a7d64b74c7b7cfc90855af0e0e67faed765c162132","ssdeep":"768:sLBC2iHSDipKglMVItABx+nQm6jTBWVYq:sLcIeKk7eAaWb","tlshash":"c1b2e13d25ac9d844bfd1d0a13b7157e168ced64b4381962368ab2bc1fd54c19390f7b","first_seen":"2025-12-04T02:48:57.347463Z","last_seen":"2025-12-04T02:48:57.347463Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Trucker-fucking-hard-with-an-American-slut.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonNa
me":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Trucker-fucking-hard-with-an-American-slut.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce87a-56c9\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360946\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H4GtXU3n43q0YcsIJXwjCnoXGI5c5bmKWQQW7IhwGRIUIvZS%2B720uf69mOQ8xo7rNXWyiYeaZwsHj66B3K89LV%2FvzWpAstqcBNjcf5YXcA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea627131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure 
and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22217,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 340x220, components 3","md5":"7a8c4b8e8466f15dc844b8b48f61e9d9","sha1":"e770b3802f7f37097692d5be923b4ba5bff97d2a","sha256":"1a81ce3f22355facc07971ffccbb670a4b40eefc278b308294a6348390c3e35c","sha512":"7a688fcee8d18c3c972c0327d312cb91272a770558016f15d42295dff82bda700f2baf8535ab4363696b924297df3e27ef29c05e6669c92ac5b9eca6edd500db","ssdeep":"384:aO+lGXOsxaH5Q7JM8aSl3shKoB/WvrsVBwCYzO4OnSiIwXcHt1hg:0WOuaZQu8am87B+j9FhiIwXg9g","tlshash":"7ca2d0c41703c767912ab93a7fa51e766a31475c7b0cc278cf821a9e0b1680bac73b57","first_seen":"2025-12-04T02:48:57.348804Z","last_seen":"2025-12-04T02:48:57.348804Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.157.43.145","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_EC
DHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://xxxdominicano.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=45c5d758-0aee-43b8-a2a9-757fc89f2eed:3:1; expires=Sun, 02 Dec 2035 02:48:24 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"84bb34084b8de8bfd069523ab5d9277f","sha1":"c9753db51dc5f760f12c59a04b550c13fa507a0b","sha256":"4faa7489650ff948377381478f1c672dd498dfd7a345028e5fb4ec957b48238b","sha512":"12cc139a130b8c8e8607c5dcadeb61c2e6532b471b3ff3e46d6be656096f2c8fd4d478028f939c8e030e8b47ee2e8e7fb80bc2480ce19aa983e79ec21df04372","ssdeep":"","tlshash":"6290047440003177555d71701cc541cd1015437cd1374554100ff031c5130730d00745","first_seen":"2025-12-04T02:48:57.350176Z","last_seen":"2025-12-04T02:48:57.350176Z","times_seen":1,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":78,"dns":1,"connect":20,"send":0,"wait":26,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/13/7c/c8/137cc8e201b2cedad58d986ae65bfac7/1708270647.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/13/7c/c8/137cc8e201b2cedad58d986ae65bfac7/1708270647.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 78744\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 18 Feb 2024 15:37:35 GMT\r\netag: \"65d2243f-13398\"\r\nexpires: Sat, 06 Dec 2025 02:48:26 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78744,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:18 13:54:47], progressive, precision 8, 728x90, components 
3","md5":"ac586259b46ad0eb0380efdf19895477","sha1":"88692fbf3d4df861c355996a78f64d8930fda539","sha256":"25d86635d08522d65c823e3996783f4d4bd5a7e6fd715c87534684caf989dfa1","sha512":"4a5fa5aceb26f08d4d3ac3b9656d5bfa663948e8dfd000cfa3a259dd57471c977ad4d6e3d1acfa0f00d46943a3064f5b1736baa72a0349e89240e23ec4a425e9","ssdeep":"1536:GAYAkcbk3a0M8LahSybqkr1CRCkTgAy7IZfl6+ErYPyWQ:vlRbk3LLah5ekr1Cwkpy7ItXAYPLQ","tlshash":"957302658ff5ee60ffe427b9cc75c043a3022b8e95eb261a3f4cb581b762188984c1c5","first_seen":"2024-02-21T22:29:02Z","last_seen":"2026-04-19T15:32:26.792799Z","times_seen":816,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d18cc2c9cc1a81e7d0d7dfa09cf47a13\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":677,"timings":{"blocked":288,"dns":1,"connect":94,"send":0,"wait":97,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/61fa5642046c4327085e4f22d6209b1b/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"hardexpendstrategy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 26 Nov 2025 21:16:06 GMT","end":"Tue, 24 Feb 2026 21:16:05 GMT"},"fingerprint":{"sha1":"A8:FF:E5:8C:94:D6:8F:80:8D:5A:FD:72:26:C0:BD:D1:2B:18:DF:52","sha256":"A6:5C:D4:ED:34:D5:97:37:07:EC:2D:9B:F4:D4:BB:E0:F1:15:4A:03:37:14:CD:A6:87:7D:89:FB:A5:61:6A:77"}}},"request":{"raw":"GET /61fa5642046c4327085e4f22d6209b1b/invoke.js HTTP/1.1\r\nHost: hardexpendstrategy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 
18324\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 16\r\nHost: hardexpendstrategy.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 886e889237a5178b3cac9243659c7ecf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46591,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46591), with no line 
terminators","md5":"8c2a2e504a4717bfcd73edc917fa8044","sha1":"5505773c03b9f1266aaa30acff878384e3b9fca8","sha256":"70ff0aec0bf831896e7934754b215387091072012590d2d45b1523a14366121a","sha512":"e6ce91643cae30635dd3bb013c61b179c1bfa99abf07508c18eec2f1eb3d60e32f941330b80cc9978f8114d579d6363d325e779d1ccc7b3c5674828db7f0967e","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qgyXy:CkurY7JfhAl9g5","tlshash":"c423d9887f90f75457567073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","first_seen":"2025-12-04T02:48:57.352547Z","last_seen":"2025-12-04T02:48:57.352547Z","times_seen":1,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-includes/js/wp-emoji-release.min.js?ver=6.9 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1; pp_main_5e5de3227afc7ac3a03bc643ab0fc1d6=1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 03 Dec 2025 09:34:36 
GMT\r\nvary: Accept-Encoding\r\netag: W/\"6930042c-58ea\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 60861\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qgqC43wzxh6m1nL1oSM9hnmiFFGpJ0gKGo%2BiumcvoBytPv73mvLAUQgVtrymQkZWOksi1S6pTi3PzKblJBnUatBLbiqXv6kDxux%2BzvKEUA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc158a827131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22762,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(19823)","md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-04-20T14:01:44.72726Z","times_seen":158066,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1STzYscRRjGqzchF8Fv9OJhBA8q7mxVd1V_mIO4xsjiJlmSSA4epD435fZ0tV3d07N7CgYk4GXAS46972yyqEEMgjchzOaiQSXjaQ_Zi-A_IOQoMpuF1ffwftSvDs9bPPXFdnOAImj4_to5t2XznC-xPu69fsUWyrW-d_5yj-A-Pt27YouYnu6N5qkavk0i2sdv9D7QcsMthZhgTDDpnbWVNm60dEjBlncy0s9wn4Z9wiiMqv_PvgnA8wDU8AA9D1bNnvnTfAxWTqEYfH9G-43alW-9P2hyXrsKhmr3o2KjcG0Bg-PWVAGYYvfoNjg_Q-jmArhi92gDcMOd-QYg7AwtvPQIRLF7JBPE8NYTpSIHXYBQT0E7nILO98DyKUh3Hax6iACkgvMXoBjcPu-qlm8-oXxOZ-jk47_BtjN08tGLUAy-W87tqHfJ5U1tXeFhZDqwoynY9SmUzR7UWwHYdg9k_TlY9RtaerwKxWDngs8dWLX_WhZHUiUqXqRppBepZGIxjSKxSBShJhIZ1Tg8fCJrpsD9AjQ-gMYG0JgAmjKAgdrvUZxSSXgUm0zJBFNOqdICZ2mIMc9kAo2cax9DXY5B5mOQ1TUoq2uwYb96OPx9htD9T16FqrkH_ur-j1gmRjGRxmmqSBQRarLUhIRxIbFhBkcq4ZowlbEkkyzUCc5oLGhGWCIykqTcZFKnaSIIwzE2Oo41N6lhVIUxC7OYJTTSVOGYUqJ0ipkJE8ZoyAxLUiy4UAorQ2OZSpaoOI6FDlMSJyRlCschCeOEhSzkSaKJYlEUhiKNMHgVgK8RDFUHrUbQegQtR9BaBG2NoB12t1TuQ9_dVrlvBDmq4VGNuomr17f5LVev6wIBr8ZQqW7Hlp_56yDrE5Mt49XEzRMXdTfhQnXb
5QF6bm6LYG3lH9jQ-72YGM5iGmIaSxqFCU6ZpiYMVRziTBAB3nZg_QJwH8CWnSF68wco7Qyd-vlXEHwPfL4H0j4LvHkZeDtJwhT4VcgwbBV3R6ORcgNbWMkL15duAMp1UNYnod4MtvMD9MLk4uXle4c-XT03Bi0foKMAWXVQVh18au8jWM9vTC66Fu1cdK1Hdy-UtR3YLT738KWa1_rUNx_qzdZVauWMH3_9rpyDeXvnsvb1Ki-ULdY9-nbZKqWrs66SGv204q9osdb4q8tNVTTl6tp7Z1cGZaW9t66YArcP9S8g7Qw9_dfw8He--eUrIMtr4Mtjld4hECWC3CLI9fE5Fx34_8ziuN_2N2C9CoDX16EYdDCsOhjmHfB8DL45ManL6sE7f0SHASIPJiKv0I7Iqzm3-z0T6VBinCYxiVKjSUSVNCylmYo5jiINtZ9Z_Hjz3wAAAP__JrrlIzsFAAA=","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET 
/impr.gif?sid=H4sIAAAAAAAC_1STzYscRRjGqzchF8Fv9OJhBA8q7mxVd1V_mIO4xsjiJlmSSA4epD435fZ0tV3d07N7CgYk4GXAS46972yyqEEMgjchzOaiQSXjaQ_Zi-A_IOQoMpuF1ffwftSvDs9bPPXFdnOAImj4_to5t2XznC-xPu69fsUWyrW-d_5yj-A-Pt27YouYnu6N5qkavk0i2sdv9D7QcsMthZhgTDDpnbWVNm60dEjBlncy0s9wn4Z9wiiMqv_PvgnA8wDU8AA9D1bNnvnTfAxWTqEYfH9G-43alW-9P2hyXrsKhmr3o2KjcG0Bg-PWVAGYYvfoNjg_Q-jmArhi92gDcMOd-QYg7AwtvPQIRLF7JBPE8NYTpSIHXYBQT0E7nILO98DyKUh3Hax6iACkgvMXoBjcPu-qlm8-oXxOZ-jk47_BtjN08tGLUAy-W87tqHfJ5U1tXeFhZDqwoynY9SmUzR7UWwHYdg9k_TlY9RtaerwKxWDngs8dWLX_WhZHUiUqXqRppBepZGIxjSKxSBShJhIZ1Tg8fCJrpsD9AjQ-gMYG0JgAmjKAgdrvUZxSSXgUm0zJBFNOqdICZ2mIMc9kAo2cax9DXY5B5mOQ1TUoq2uwYb96OPx9htD9T16FqrkH_ur-j1gmRjGRxmmqSBQRarLUhIRxIbFhBkcq4ZowlbEkkyzUCc5oLGhGWCIykqTcZFKnaSIIwzE2Oo41N6lhVIUxC7OYJTTSVOGYUqJ0ipkJE8ZoyAxLUiy4UAorQ2OZSpaoOI6FDlMSJyRlCschCeOEhSzkSaKJYlEUhiKNMHgVgK8RDFUHrUbQegQtR9BaBG2NoB12t1TuQ9_dVrlvBDmq4VGNuomr17f5LVev6wIBr8ZQqW7Hlp_56yDrE5Mt49XEzRMXdTfhQnXb5QF6bm6LYG3lH9jQ-72YGM5iGmIaSxqFCU6ZpiYMVRziTBAB3nZg_QJwH8CWnSF68wco7Qyd-vlXEHwPfL4H0j4LvHkZeDtJwhT4VcgwbBV3R6ORcgNbWMkL15duAMp1UNYnod4MtvMD9MLk4uXle4c-XT03Bi0foKMAWXVQVh18au8jWM9vTC66Fu1cdK1Hdy-UtR3YLT738KWa1_rUNx_qzdZVauWMH3_9rpyDeXvnsvb1Ki-ULdY9-nbZKqWrs66SGv204q9osdb4q8tNVTTl6tp7Z1cGZaW9t66YArcP9S8g7Qw9_dfw8He--eUrIMtr4Mtjld4hECWC3CLI9fE5Fx34_8ziuN_2N2C9CoDX16EYdDCsOhjmHfB8DL45ManL6sE7f0SHASIPJiKv0I7Iqzm3-z0T6VBinCYxiVKjSUSVNCylmYo5jiINtZ9Z_Hjz3wAAAP__JrrlIzsFAAA= HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ILzQ5ASexXfPuQImxhEB_q2eeDZt8hwcZa16bM980p8; uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl22039038=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: 
no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8a4b2b44d8331f0fb70f5838b5134947\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/assets/js/skip-link-focus-fix.js?ver=1.0.0","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/themes/ultimatube/assets/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 13 Nov 2025 22:49:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69166091-2ab\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360950\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lqh%2FyRsCbWcGchteNfpeVdVYumI66ZLmbc%2FEzope7ZFxoPRRngc0iQkMUpTrW9V6JsCH3uA74iLMqy6GdLKq3xEJewzAhj7wQLyZISnqNg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0e0a757131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":683,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"75abd4cd8807b312f9f7faeb77ee774b","sha1":"e7b7a7ed06d0123ab8667a1d1eeb23de9f2bece7","sha256":"ca424c0181141900220a19f998ffa7660380bc99ab99557ad458a083251f7034","sha512":"c9f1f752994f1361555680ca5a60339fda152587ccc055db20148c086d82846887dd0801187aa033829b7d5eb9644b9391f493965eee35b4a1592f82cbb36aa4","ssdeep":"","tlshash":"bb01cbb6b30d44b604aa32178d5f61cd297d91e3a829649b8cc909502924c6d23befb8","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-04-20T11:21:39.820869Z","times_seen":10951,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hardexpendstrategy.com/8f6edd1e8ad7befc4a63b2a2e89e457d/invoke.js","fqdn":"hardexpendstrategy.com","domain":"hardexpendstrategy.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"hardexpendstrategy.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 
26 Nov 2025 21:16:06 GMT","end":"Tue, 24 Feb 2026 21:16:05 GMT"},"fingerprint":{"sha1":"A8:FF:E5:8C:94:D6:8F:80:8D:5A:FD:72:26:C0:BD:D1:2B:18:DF:52","sha256":"A6:5C:D4:ED:34:D5:97:37:07:EC:2D:9B:F4:D4:BB:E0:F1:15:4A:03:37:14:CD:A6:87:7D:89:FB:A5:61:6A:77"}}},"request":{"raw":"GET /8f6edd1e8ad7befc4a63b2a2e89e457d/invoke.js HTTP/1.1\r\nHost: hardexpendstrategy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18353\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: hardexpendstrategy.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6528b78aad3f4faaa984289052c32d82\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46640,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46640), with no line terminators","md5":"6e61a3ba52868b71885d3c55a9ce7b60","sha1":"7275880f22b2aeea22fdfa7c0b4c9595ad78cd91","sha256":"5e6f8d70e1b7b4ab9fbe9dff585618a7cd5adbc77f32d9b227092659a8046b75","sha512":"2471f762253d74d27a33254b559c65761698c752e61cecf722635691a754b170eb1c62ed75695803251fde39b80c2d4e67dd179da971103cfd404c5a3c6fbca4","ssdeep":"768:CssLt+urzIyrxj4oolttYllJz4c5sfH6lmhj8ehArp76qnyXy:CkurY7JfhAl9n5","tlshash":"9e23d8887f90f75457967073723f800bb0156d60668cd8acd1a7d8e87eacb29f5327a8","first_seen":"2025-12-04T02:48:57.339672Z","last_seen":"2025-12-04T02:48:57.339672Z","times_seen":1,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"hardexpendstrategy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/impr.gif?sid=H4sIAAAAAAAC_1STzWsdVRjGz6SlG8Gvim6v4ELF3Jyv-bILMdZKMLahrRRxIedr0mPmzhnnzNy5yapYkS4DbrqcvDdtUItYBHdCuelGi0qvqyyajX9CoUuRm16Ivov34zxn8XsPz_l6pzlEDBpxsPaR27J5LpbCPu69fsUW2rW-d_5yj-A-PtO7YouIn-mNZqkavk0Y7-M3eh8YteGWKCYYE0x652xlMjdaOlLBlndS0k9xn9M-CTmMqv_PvgnAiwD08BC9CFZPn_s7-xSsmkAx-PGs8Ru1K996f9DkonYVDPXex8VG4doCBsdtVgWQFXvz2-D8FKGbC-CKvfkG4Ia7sw1A2ilaePkRyGJvjglyeOspqczBFCD1M9AOJ2DyfbBiAspdB6sfIgCl4fwFKAa3z7uqFZtPVTFTp-jkk8dg2yk6-eglKAY_LOd21Lvk8qa2rvAwyjqwownY9QmUzT7UWwHYdh9U_SVY_QdaerIKxWD3gs8dWH3wWhoxpWMdLfKEmUWuQrmYMCYXiSY8YzLlBtOjJ7LZBIRfgMYH0NgAmiyApgxgoA96HCdcEcGiLNUqxlxwro3EaUIxFqmKoVEz9m2oy21Q-Tao6hqU1TXYsN88HP45Rej-Z69C1dwDf_XgZx5TSYmiiQwZSwgVlCgiRBwxY3Aap5kOWcLDMKKUY8p0SokQxkiaxgxHVKapSFOZSYNZRLKIMx5lOAo1ldJww6iUacgkwTQOJRGah9rgOAlDkuI4VYyYhLBYMqy05pIJSiUjQhOts8RIFoahpCpOlDIzioQJkwmFKXgdgK8RDHUHrUHQegStQNBaBG2NoB12t3Tuqe9u69w3kswrnVfWjV29viNuuXrdFAhEtQ2V7nZt-YW_Dqo-Md7KvB67WRKy7sZC6m6nPEQvzGwRrK38AxvmoBeRTIQRp5hHijMa4yQ0PKNURxSnkkjwtgPrF0D4ALbsFPGbP0Fpp-jUr7-DFPvg831Q9nkQzSsg2nFMExBXIcWwVdwdjUbaDWxhlShcX7kBaNdBWZ-EejPYyQ_R6fHFy8v3jny6-tUnYNQDNA9QVQdl1cHn9j6C9fzG-KJr0e5F13p090JZ24HdEjMPX6pFbU5996HZbF2lV8767W_fVTNh1t65bHy9Kgpti3WPvl-2WpvqnKuUQb-s-CtGrjX-6nJTFU25uvbeuZVBWRnvrSsmIOxD8xsoO0XPPj599DvfvB2DKq-BL48
pvUMgSwS5RZCb43MhO_D_meVxv-NvwHoVgKivQzHoYFh1MMw7EPk2-ObEuC6rB-_8xY4CZB6MZV6hXZlXM90e9DJmqMI4iSPCkswQxrXKwoSnOhKYMQO1n1r8ZPPfAAAA__-piMJjOwUAAA==","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET 
/impr.gif?sid=H4sIAAAAAAAC_1STzWsdVRjGz6SlG8Gvim6v4ELF3Jyv-bILMdZKMLahrRRxIedr0mPmzhnnzNy5yapYkS4DbrqcvDdtUItYBHdCuelGi0qvqyyajX9CoUuRm16Ivov34zxn8XsPz_l6pzlEDBpxsPaR27J5LpbCPu69fsUW2rW-d_5yj-A-PtO7YouIn-mNZqkavk0Y7-M3eh8YteGWKCYYE0x652xlMjdaOlLBlndS0k9xn9M-CTmMqv_PvgnAiwD08BC9CFZPn_s7-xSsmkAx-PGs8Ru1K996f9DkonYVDPXex8VG4doCBsdtVgWQFXvz2-D8FKGbC-CKvfkG4Ia7sw1A2ilaePkRyGJvjglyeOspqczBFCD1M9AOJ2DyfbBiAspdB6sfIgCl4fwFKAa3z7uqFZtPVTFTp-jkk8dg2yk6-eglKAY_LOd21Lvk8qa2rvAwyjqwownY9QmUzT7UWwHYdh9U_SVY_QdaerIKxWD3gs8dWH3wWhoxpWMdLfKEmUWuQrmYMCYXiSY8YzLlBtOjJ7LZBIRfgMYH0NgAmiyApgxgoA96HCdcEcGiLNUqxlxwro3EaUIxFqmKoVEz9m2oy21Q-Tao6hqU1TXYsN88HP45Rej-Z69C1dwDf_XgZx5TSYmiiQwZSwgVlCgiRBwxY3Aap5kOWcLDMKKUY8p0SokQxkiaxgxHVKapSFOZSYNZRLKIMx5lOAo1ldJww6iUacgkwTQOJRGah9rgOAlDkuI4VYyYhLBYMqy05pIJSiUjQhOts8RIFoahpCpOlDIzioQJkwmFKXgdgK8RDHUHrUHQegStQNBaBG2NoB12t3Tuqe9u69w3kswrnVfWjV29viNuuXrdFAhEtQ2V7nZt-YW_Dqo-Md7KvB67WRKy7sZC6m6nPEQvzGwRrK38AxvmoBeRTIQRp5hHijMa4yQ0PKNURxSnkkjwtgPrF0D4ALbsFPGbP0Fpp-jUr7-DFPvg831Q9nkQzSsg2nFMExBXIcWwVdwdjUbaDWxhlShcX7kBaNdBWZ-EejPYyQ_R6fHFy8v3jny6-tUnYNQDNA9QVQdl1cHn9j6C9fzG-KJr0e5F13p090JZ24HdEjMPX6pFbU5996HZbF2lV8767W_fVTNh1t65bHy9Kgpti3WPvl-2WpvqnKuUQb-s-CtGrjX-6nJTFU25uvbeuZVBWRnvrSsmIOxD8xsoO0XPPj599DvfvB2DKq-BL48pvUMgSwS5RZCb43MhO_D_meVxv-NvwHoVgKivQzHoYFh1MMw7EPk2-ObEuC6rB-_8xY4CZB6MZV6hXZlXM90e9DJmqMI4iSPCkswQxrXKwoSnOhKYMQO1n1r8ZPPfAAAA__-piMJjOwUAAA== HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ILzQ5ASexXfPuQImxhEB_q2eeDZt8hwcZa16bM980p8; uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl22039038=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: 
no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 332262cdf004174d5d69447fecdb3338\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web 
servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/67/b9/26/67b9261beabf93b934779ff7e369e0de/1716369473.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/67/b9/26/67b9261beabf93b934779ff7e369e0de/1716369473.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:25 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 71789\r\nserver: nginx/1.21.6\r\nlast-modified: Wed, 22 May 2024 09:18:01 GMT\r\netag: \"664db849-1186d\"\r\nexpires: Sat, 06 Dec 2025 02:48:25 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":71789,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 300x250, components 3","md5":"2d281de4129fb09c0e095c5b9beeb115","sha1":"bf238757cb5055f99aeb9911d422850a56fe2c39","sha256":"c8d22cd8ebf01584785595b2ef4f82c1b677742241f562a0aca5c775a4229980","sha512":"691449a4121ac939c8bbb0577b088db9e73847ceef1272bdf9185af214c8fe6e3059567b1106e3e578aac81c8955e8c6c41d4297905c94a41557c87183a56599","ssdeep":"1536:avFROnLOIPttKlCp/vWtTmvx8QTWiC+up1Enc36bVnzZ:av6xKlC3O7D3++36bht","tlshash":"616301bbf9438d8894a878fe76669a17895f2dc8cfc70677304c4aa4bd5012977a40cd","first_seen":"2024-04-07T20:29:01Z","last_seen":"2026-04-19T09:24:20.645616Z","times_seen":296,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.462151049078.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=36fcf6fd34ebad630113a98ec1ccac823dd5ecce903048e6b5ad8d701e4d197919c6ecb42fc0291fd7bebdfecbfe637cf4b71dedbd001a509f916e3fa44be37ea9b1d1a1463790d00838c8476ad344558cb7f03966285a708c1b19\u0026pst=1764816565\u0026rmtc=t","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /watch.462151049078.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=36fcf6fd34ebad630113a98ec1ccac823dd5ecce903048e6b5ad8d701e4d197919c6ecb42fc0291fd7bebdfecbfe637cf4b71dedbd001a509f916e3fa44be37ea9b1d1a1463790d00838c8476ad344558cb7f03966285a708c1b19\u0026pst=1764816565\u0026rmtc=t HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.pNzYoQxkVbAeCDyC8aKeE1-nCeSPHSD7rCJOChWvoIU; uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl22038665=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: 
cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: text/html\r\nContent-Length: 2711\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; expires=Thu, 11 Dec 2025 02:48:26 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 05 Dec 2025 02:48:26 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 05 Dec 2025 02:48:26 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Fri, 05 Dec 2025 02:48:26 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Fri, 05 Dec 2025 02:48:26 GMT; path=/; secure; SameSite=None\nu_pl22038665=1; expires=Fri, 05 Dec 2025 02:48:26 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 7\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c0820ce2ae22e3d547d8c59d0f00afed\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5382,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (2898), with CRLF, LF line terminators","md5":"adfa48fa2f47484f6e27e0cf8949e137","sha1":"5f91625cae30cc75569ede09ad8f9df971348e86","sha256":"97e4ee7981556b520c2947f0432ac8ccf3619b5273ff0edc79b755b4d26fcc1f","sha512":"4450e712a4da397f389e2306a3324291170b644c6b5b4c9917433a66455973d396d3b18af063cc37f54c4f4fd8e0edf44611261c21b8df065f2715bb7def0793","ssdeep":"96:+V9ljcEZ+oz3+flpKdH70JiYYn3Ly3c9MKdH70JiYYn3Lyn4V41wD8+oCfMEDaH:+V9ljNz6PKdH70JiJ7GcSKdH70JiJ7jQ","tlshash":"afb13ab4dfb704adb90a30bd748a25099b60401f1a02d582b84ed0d4df8a79636adec8","first_seen":"2025-12-04T02:48:57.355651Z","last_seen":"2025-12-04T02:48:57.355651Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1RTPWwdRReddfKl-Yp8P4j6IVEQKbZnd_aXFAiTBCJCYiVBKSjQ_K0zeN_OsrP79tlVRCQInSWalOvznFhAhIiQ6JAiOw1EgPJSWSJu6GmQUqPnWDLc4t5z54w0547O_XSz3ScMLd9bfs-um6Lgi9ECHbx23ZTKdm5w6drApwv0zOC6KePwzGA8S_XodZ-FC_TU4G0tV-1iQH1KfeoPzpta53a8eMDCVPczfyGjC2Gw4EchxvU_e9d6cNyDGu2T_8Go6cnf8w9g5A7K4bdntVttbHX63LAteGNrjNT2--VqabsSwyOY1x7ycvvwNqybEnJnDrbcPpwAdrQ1mwDCTMncy88gyu1DmRCjuy-UigK6hFD_RjfagS52YfgOpL0Fo54QQCpcuoxyeO-SrTu-9oLlM3ZKjj__E6abkuPPXkI5_GapMOPBVVu0jbGlwzjvYcY7MCs7qNpdNOseTLcL2XwCo34hi88vohxuXXaFhVF7r2YxkypR8XyYMj0fykjMp4yJeV_5Yc5EFmoaHHyRyXfA3Rxa56E1HtrcQ1t5GKq9QUjTUPqcxXmmZEJDHoZKC5qlAaU8kwlaOdO-gabagCw2IOubqOqbWDVfPBn9OiXk0YevoG4fwt3Y-372ZJDTPBMi1VqxnEqVJ3mcpj7PlWQ8lnHIEiVZ4iuVxjpSPpNJzgOtVBwzTYMs0FqEYRhnUabzSCvNo5wxHsSRjgVPEpmwgGlf6dgPAy79zOcs4izKWKAjnqYy4lHg68xnURTFPstl4gdpICjL_FxREeiEZiwKI8b8OJE6zeCUB9cQjFSPThN0jqDjBJ0h6BqCbtTfVYULXH9PFa4V_mENDivrJ7ZZ2eR3bbOiSwJeb6BW_ZapPna3IJtjk_XcqYmdJS6afsKF6jerffLfmS285Xc-x6reG6R5rJXydcpVInQuQx4zEfBAp5kOo0TBmR7GzYE7D-tmSsI736EyU3Lix58h-C5csQtp_gPe_gu8mzBKwW9MgohivXwwHo-VHZrSSF7aBWmHULZH1RxHs-ZtFvvk_5Mr15YeHhh1-dxn0PIxOQzIukdV9_jIPCJYKW5PrtiObF2xnSMPLleNGZp1PjPx1YY3-sRX7-q1ztbqwlm38eWbckbM4P1r2jUXealMueLI10tGKV2ft7XU5IcL7roWy627sdTWZVtdXH7r_IVhVWvnjC13wM0T_ROkmZKTf_x2sJ6nn56CrG7CVUcqnSUQFUFhCAp9dM5FD_e3XhzhTXcbK7UH3txCOewxqnuMih682IBrj
02aqn78xlN2EBCFNxFFTbZEUc94szfImQ4kpWkS-yzNtc9CJfMoDTMVc8qYRuOmhj5f-ysAAP__q03T6TwFAAA=","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET 
/impr.gif?sid=H4sIAAAAAAAC_1RTPWwdRReddfKl-Yp8P4j6IVEQKbZnd_aXFAiTBCJCYiVBKSjQ_K0zeN_OsrP79tlVRCQInSWalOvznFhAhIiQ6JAiOw1EgPJSWSJu6GmQUqPnWDLc4t5z54w0547O_XSz3ScMLd9bfs-um6Lgi9ECHbx23ZTKdm5w6drApwv0zOC6KePwzGA8S_XodZ-FC_TU4G0tV-1iQH1KfeoPzpta53a8eMDCVPczfyGjC2Gw4EchxvU_e9d6cNyDGu2T_8Go6cnf8w9g5A7K4bdntVttbHX63LAteGNrjNT2--VqabsSwyOY1x7ycvvwNqybEnJnDrbcPpwAdrQ1mwDCTMncy88gyu1DmRCjuy-UigK6hFD_RjfagS52YfgOpL0Fo54QQCpcuoxyeO-SrTu-9oLlM3ZKjj__E6abkuPPXkI5_GapMOPBVVu0jbGlwzjvYcY7MCs7qNpdNOseTLcL2XwCo34hi88vohxuXXaFhVF7r2YxkypR8XyYMj0fykjMp4yJeV_5Yc5EFmoaHHyRyXfA3Rxa56E1HtrcQ1t5GKq9QUjTUPqcxXmmZEJDHoZKC5qlAaU8kwlaOdO-gabagCw2IOubqOqbWDVfPBn9OiXk0YevoG4fwt3Y-372ZJDTPBMi1VqxnEqVJ3mcpj7PlWQ8lnHIEiVZ4iuVxjpSPpNJzgOtVBwzTYMs0FqEYRhnUabzSCvNo5wxHsSRjgVPEpmwgGlf6dgPAy79zOcs4izKWKAjnqYy4lHg68xnURTFPstl4gdpICjL_FxREeiEZiwKI8b8OJE6zeCUB9cQjFSPThN0jqDjBJ0h6BqCbtTfVYULXH9PFa4V_mENDivrJ7ZZ2eR3bbOiSwJeb6BW_ZapPna3IJtjk_XcqYmdJS6afsKF6jerffLfmS285Xc-x6reG6R5rJXydcpVInQuQx4zEfBAp5kOo0TBmR7GzYE7D-tmSsI736EyU3Lix58h-C5csQtp_gPe_gu8mzBKwW9MgohivXwwHo-VHZrSSF7aBWmHULZH1RxHs-ZtFvvk_5Mr15YeHhh1-dxn0PIxOQzIukdV9_jIPCJYKW5PrtiObF2xnSMPLleNGZp1PjPx1YY3-sRX7-q1ztbqwlm38eWbckbM4P1r2jUXealMueLI10tGKV2ft7XU5IcL7roWy627sdTWZVtdXH7r_IVhVWvnjC13wM0T_ROkmZKTf_x2sJ6nn56CrG7CVUcqnSUQFUFhCAp9dM5FD_e3XhzhTXcbK7UH3txCOewxqnuMih682IBrj02aqn78xlN2EBCFNxFFTbZEUc94szfImQ4kpWkS-yzNtc9CJfMoDTMVc8qYRuOmhj5f-ysAAP__q03T6TwFAAA= HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 
ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyMjAzODY2NSwiayI6IjhmNmVkZDFlOGFkN2JlZmM0YTYzYjJhMmU4OWU0NTdkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNDQ2OTYzLCJwaWQiOjQ0NDg3NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjo1LCJwdCI6NCwicGsiOiJweDJ6MDl6NiIsImNwa3MiOnsiMjkiOiI1MjNiZWI3ZTVlN2I0NjY3YjUzYzRkMDUwYzNlYmU5MyJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly94eHhkb21pbmljYW5vLmNvbS8iLCJ0eiI6MSwiYXIiOltdfX0.pNzYoQxkVbAeCDyC8aKeE1-nCeSPHSD7rCJOChWvoIU; uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl22038665=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: 
wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 85bb7032a6320342f3dfa7ab1642ca43\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tm5r00enbwg8.n4.adsco.re/","fqdn":"tm5r00enbwg8.n4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"38.132.109.126","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.n4.adsco.re","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 09:14:20 GMT","end":"Wed, 11 Feb 2026 09:14:19 GMT"},"fingerprint":{"sha1":"FB:34:12:01:B6:D1:B3:BD:9C:64:10:4B:29:6B:C7:44:FD:21:82:69","sha256":"D8:BD:52:A0:9E:11:2A:7E:51:D4:43:1D:9D:F7:F0:66:68:70:DF:0B:20:4A:38:60:4C:B5:37:82:2C:42:01:6B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tm5r00enbwg8.n4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Fri, 16 Jun 2023 08:37:42 GMT\r\netag: \"648c1f56-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":836,"timings":{"blocked":364,"dns":118,"connect":87,"send":0,"wait":87,"receive":0,"ssl":178},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"
2025-12-04T02:48:24.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 09 Jun 2023 05:49:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6482bd64-3509\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360950\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v0HRojlMiNQMquJNyPvYDSEZFiq3Vc2qbdSkzJb2IR9bOMWRJBiJ4%2BkGw0d2tbq33f%2FCz9q3g3dIShBd23b4LzIoLY2gt5aYaV8%2BEHBhWQ%3D%3D\"}]}\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dda597131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-20T14:00:50.222789Z","times_seen":677643,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Dominicana-Lil-Bebe-Follando-De-A-Duro.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLO
UDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Dominicana-Lil-Bebe-Follando-De-A-Duro.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce871-26de0\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 95624\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5PRNv3UQqB2Cp4e3yTqaxkWHwlNBskdgROElTDatR5SStmArsQQJnJDA%2BtmGbXPKSXMuYI%2B04DP9G5tdkBx9KTbZP2pnGjv5%2BOsEpUsIiQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea657131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159200,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 220, 8-bit/color RGB, non-interlaced","md5":"35d159ddfab6f91aa937638b2a216f68","sha1":"a2fb9a23ce16bbe47a325238eb44434ad59f5551","sha256":"40bc111b5e87eedcc2120dac4fa87849667c6544ce564fe54c92a59e1e73e72d","sha512":"d8a45d123cbec8d9f74fcea32689f92852c3834956c043598b41decd9073271338c2f24c63be6ef71dda789c1e3c69f58d463282934efdf1a71d6877ffeed2a7","ssdeep":"3072:XquCbLxreJUlOihcCuX18NLa6+EcdHiQIz2OXOtYe6OzPjmjSdGh0m:6uCbxeJUYiMXWNLa6Vr21tFzDq1H","tlshash":"caf3121f24305f460e4dcf5baa5c81e619cfea99fde2518b329c22985c3342f6018df6","first_seen":"2025-12-04T02:48:57.357462Z","last_seen":"2025-12-04T02:48:57.357462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"sc
hema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; 
report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 02 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 113148\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-20T13:59:38.920906Z","times_seen":751132,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":127,"dns":0,"connect":20,"send":0,"wait":22,"receive":28,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Juliana-Palvin-Follando-Rico-Con-Su-Hermanastro.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by"
:"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Juliana-Palvin-Follando-Rico-Con-Su-Hermanastro.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce891-2941e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360948\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jTh8l%2FOQSoe954Tw6zAoNKxBya3vmqDJtgGMPQRNPoSZJFdvQYosJZk3Wh9QtYe%2FNs0lWnh8Cfib1lMF9od0uZ8nGhQuTYDXKPZWui3qEg%3D%3D\"}]}\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dda5b7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168990,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 390 x 220, 8-bit/color RGB, non-interlaced","md5":"b4e6bdb5cce33ae04570eeacac1cac1c","sha1":"e477c076922b451934c7e092d691b16d8dca3a9e","sha256":"7de3bc764fb6bdab9145d3a2e9da8c2b7ef9a1887c5132c48e484406c1533440","sha512":"0d73ac6f7f21c83e7c07bf185a4eca5bbb421804c525fedb6a8abe6354505b7cb041fe6ea1044ea845a1895993abb34279b5c34a77ecd2f3ca0235ffbffbda8d","ssdeep":"3072:ENskx3zt9iN027RDKLM8VikcT+l2NVVuVoqLg5lEMrDI+JOBAj:ENvx3zyN/7RGLV2NHs0Jr7Oa","tlshash":"b4f313dfc85eacc2ee0325f7a771812b2489354bb471633a21da7006ab5d77408adf6d","first_seen":"2025-12-04T02:48:57.362453Z","last_seen":"2025-12-04T02:48:57.362453Z","times_seen":1,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Thalia-And-Felipe-Follando-Luego-De-Sus-Ejercicios.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as"
:"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Thalia-And-Felipe-Follando-Luego-De-Sus-Ejercicios.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce84f-68e3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 250752\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QBTOm9uUmOpLAmh%2F6dDa5yL0bq4Fj%2F7nQyWGI5YSe4zVswYmKJNqZ%2FRtNV7UlN147S%2BrmctvkvBkvl51gwjY2HUh8YUauz6mP0FTItQpbg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0e0a727131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26851,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 367x220, components 
3","md5":"e948db9678330d2ff1f4485b46fc627d","sha1":"2c9d742fff2a2e1168674008567c6a2e92ad536a","sha256":"666dd56534a96ed9ee483b2533210e8035848a3abc35af1f441d4cbfc3b36ab8","sha512":"9f87285a49036a0afa76ec70de555622bcd7dc6e4080dd0df13d8766113d0ab37a28b8f5c09fede8c6af929920fcc7d878dc25ab92925e199ab12af833087239","ssdeep":"384:35A87Ta0UBtHLW/Uh/djuV0P8/2o5VTwvDFFirgAMMnCtnuIOW62KXZ4Tj1goht:3egTOtachEV0U/rwT2BMMMuIOWy+T3ht","tlshash":"59c2e12700175dc4d96e6b3ae0f0257add7c9f9952ba4bf974a87422037f389c066f81","first_seen":"2025-12-04T02:48:57.363462Z","last_seen":"2025-12-04T02:48:57.363462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.319553895330.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=4e022f0f9bb8eed3f0cdf7f6881afdc3a6c6437dc371dd86e5d13c7fa2edd663e0292eeb4446959ef5edea5f33a265e6ba77c7323e1de6142ac191a35a35932e5a88c5a521e913555613fc71282b0391fd0b2e709354533167ce89\u0026pst=1764816565\u0026rmtc=t","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /watch.319553895330.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=4e022f0f9bb8eed3f0cdf7f6881afdc3a6c6437dc371dd86e5d13c7fa2edd663e0292eeb4446959ef5edea5f33a265e6ba77c7323e1de6142ac191a35a35932e5a88c5a521e913555613fc71282b0391fd0b2e709354533167ce89\u0026pst=1764816565\u0026rmtc=t HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.pNzYoQxkVbAeCDyC8aKeE1-nCeSPHSD7rCJOChWvoIU\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; expires=Thu, 11 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nu_pl22038665=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 17\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: be61deaaa34a829e51b358877f354dcf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5270,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (2842), with CRLF, LF line terminators","md5":"9d9b4f14c9e97ff50a538d3615329439","sha1":"a49ea1787d48c057a3e45ecf48c3fb7c7b6b8a64","sha256":"29c266bbd3a1ce183e010eeb585dce136844d4b174b94f756f5f6f66e606592f","sha512":"0392bc71591d4ba06feb0b0639ff823beafdb1504e9327138764e330d4bfeb6a663e873af31a572bccd50b6d84fd473d3c6ce828badf539ef7343726842617d6","ssdeep":"96:+V9JrMozwCNfl5e/yUepVTmzuYke9mWU86c7B4x/eYvXbcvupar41wD8+oCfMEDM:+V9JrFzt3UlrkeYhjc+deyrcA48+oCkL","tlshash":"1fb14c7a4f99103aa552f06e217fa60c3f66d2071108d60abc8cd7421fb06e855eefdc","first_seen":"2025-12-04T02:48:57.364302Z","last_seen":"2025-12-04T02:48:57.364302Z","times_seen":1,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2023/09/cropped-descarga-32x32.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2023/09/cropped-descarga-32x32.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 
dom3ic8zudi28v8lr6fgphwffqoz0j6c=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1; pp_main_5e5de3227afc7ac3a03bc643ab0fc1d6=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 Sep 2023 17:37:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65170b75-899\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\npriority: u=6,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xog0uTzTXuF2DvbKmvmTbxil0qwxqYPSKJVgq9RLk4bBi5F24Do9z1Gl7tE9cgaqtU4L9aFxyFH2kLCdpkGLowOifa712wYp83BOvI7nqA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc18aa9f7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2201,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGB, 
non-interlaced","md5":"c95a0c5d874bab2fe9a6d929623610b2","sha1":"397a48a0fefdc76ef050f2bd2c677b168c4a9eb8","sha256":"ed958ad0f4492889547405d1222747de32c1be569b60eb61b4f309da4a2b3a26","sha512":"aaf68c9badc23844f62fa9cd9908aa44caa84bcb155f135548f00d9c31b0db826e6acbd68fcfdb90cd2de2d476443a943a1743928909bc18fbb05dddc9e9ca76","ssdeep":"","tlshash":"a941095ef82b5611da9dad03c28845b048268c5b5a0dda98232ef48cd3e25afe795f42","first_seen":"2024-09-28T07:18:21.493972Z","last_seen":"2025-12-04T02:48:57.365304Z","times_seen":6,"resource_available":false,"data":null}},"time_used":502,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":502,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4.adsco.re:2087/","fqdn":"4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":2087,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 4.adsco.re:2087\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: text/plain;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type\r\nAccess-Control-Allow-Origin: https://xxxdominicano.com\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: private, max-age=10\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":85,"dns":1,"connect":28,"send":0,"wait":29,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Lilah-Brown-with-a-new-lesbian-in-her-bed.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Lilah-Brown-with-a-new-lesbian-in-her-bed.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce88a-2b06a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360947\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RP7RM0yYSGImebx7Lbl9Akq%2Bmej%2B%2FYHC6Eh%2FBYBUJpMlb3xYCaNE1QIZ9347go0l1iA0FLNTMPG0DwJjqMxf46HjvjqCGT3DvVeyYTK15Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea5e7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":176234,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 391 x 220, 8-bit/color RGB, 
non-interlaced","md5":"b73243fcfe52642af7b0d87162d5a7dc","sha1":"97034b84b34d85c3a01f485e2ecb0b0b68ac1874","sha256":"2f08a544003f0e80bf49771b829c2a1b4f102986b6ddedc52e31b039b4ff43a5","sha512":"17a294605f39c6881d0a752de0f893d04728f7c33f0c40680fcb47b2e4d517466eb97e051cd6294735dd1ac666bddb25dc7f2b3c03fc2896f45f2d49e0cb1a65","ssdeep":"3072:VhxukIj8yWnPMmjEFEsx/8G3a9bhz91T05iqvdTwBjHxATZlIYWgKuxY9:VhxukcoPtsEsx/9a9b905iIwly/IYWgI","tlshash":"5b0423205b52ce1b46971c807d75b834783f72e8f07b4705aa64662387c94e8abfad73","first_seen":"2025-12-04T02:48:57.366759Z","last_seen":"2025-12-04T02:48:57.366759Z","times_seen":1,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":115,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Cheila-la-banquera-Follando-Con-Un-Haitiano.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Cheila-la-banquera-Follando-Con-Un-Haitiano.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce860-6e7a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LxV29IAItY1FP%2F5%2F7vUKwuJrvfh71k%2FydLf%2Bn5Nd1DeAB2wTrYIcm9zrVdQKoc8lFtC03cavMeVPre%2Fvjs%2FWyZQ0VVPN0HjeJ23h17QO0A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa6a7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28282,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 385x220, components 3","md5":"51914ed3e4e99f01e6e55db97cbc8e92","sha1":"01b1ed97d18214e98967df53876593a88b421c7d","sha256":"aeeceee9f0d4009b0665275cceda9135a16101220eb106c2a1e1970d73e5d4cf","sha512":"dabb867f5a7dbf274c42ff5ff310e0e63431a8b234d5af08a7a680b06041e4bcaaa00ff01d9b3eac7d04168d88b8fb8052736560974237af58604856178558d3","ssdeep":"768:EaV1IsDX4dEJXqPBp12ZSLF4+zAKotG2XnvFiGyfx8t:EfszaEJaPz1pLBHotGsvFiGZt","tlshash":"92c2e1c3d736f4eff9ae0372c615c636ea9d7836a092d354b09572212b256d04d30767","first_seen":"2025-12-04T02:48:57.368223Z","last_seen":"2025-12-04T02:48:57.368223Z","times_seen":1,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/#0.5009270744613096","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.43.28","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore 
Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: text/html\r\ncontent-encoding: br\r\ncache-control: max-age=604800,stale-if-error=86400,stale-while-revalidate=86400,public\r\nexpires: Wed, 10 Dec 2025 13:29:58 GMT\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Form-Factors,Device-Memory,Downlink,ECT,RTT,Width,Viewport-Width,DPR\r\ncritical-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Form-Factors,Device-Memory,Downlink,ECT,RTT,Width,Viewport-Width,DPR\r\nlink: 
\u003c//adsco.re/\u003e;rel=preconnect;crossorigin,\u003chttps://4.adsco.re/\u003e;rel=preload;as=fetch;crossorigin,\u003chttps://6.adsco.re/\u003e;rel=preload;as=fetch;crossorigin,\u003chttps://4.adsco.re:2087/\u003e;rel=preload;as=fetch;crossorigin,\u003chttps://6.adsco.re:2087/\u003e;rel=preload;as=fetch;crossorigin\r\ntiming-allow-origin: *\r\netag: W/\"zVLVf8vuO7FWAmxvxWs+VA==\"\r\nvary: accept-encoding\r\nage: 47905\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 9a87fc1b6b2cb518-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68735,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines 
(789)","md5":"cd52d57fcbee3bb156026c6fc56b3e54","sha1":"f79f4ea0936f5f8b074cacdea9bcc763238373d5","sha256":"179107fb42153e83771f1b6348d13d94f5f47c6e0ecb10c2c444a87554ecbb6a","sha512":"2a47dd1690f210bbf1311e30da41c4e54eaabbf73c4e7a39a1fb97178278879920f23483fad6eb3de10c39c4b22778b49d23a9ca45fb32a3d3b34badb274bc4a","ssdeep":"768:dXKJhxPJjniq2nHAj43BXIt0GGkXjBBcMz9wN8/J3mYYUBB6dYkuv:AFJjni2t0MT8Mz9wSJ3mYYUBB6dq","tlshash":"f1633a797672302942b229ed553f4311b1be56a07c45d0e1e3adc9603c34eab933bfa9","first_seen":"2025-11-24T20:03:45.317192Z","last_seen":"2025-12-07T17:46:58.559501Z","times_seen":577,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Maria-Lamicq-Tiene-Un-Super-Squirt-Con-Su-Consolador.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Maria-Lamicq-Tiene-Un-Super-Squirt-Con-Su-Consolador.png HTTP/1.1\r\nHost: 
xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce85a-5e69\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q%2F3aimcCt64CBomD2DhI29Vfb%2F8AgiF1aCqHFFDp49UKCf9r1EN%2B03OzZ3LEIkKL8pV%2BEWOCWKIysCqoQAz2BcBi%2F%2BqJqkoqFpizlABMmg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa6c7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24169,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x220, components 
3","md5":"d347aa7411b17785be40dac471e7a33b","sha1":"ade3894f4c8676df2e680087a7ae797d17c0129e","sha256":"eeba8f491dab2d232b7fd76e8d0fa0fb2daa11f8e1ac496ab282147a0ad9fc7a","sha512":"55273e28ba9f1f584e13018926f18da98d979bdd8430dc307292930a916099f8249fcdbc0538fdc8da0d6d78944151195c65895370a04da6a804bbd55ede835f","ssdeep":"384:r8IYqf9QDkuNoAtCxaRF/DyYlkAH+Jxn2AeI9S80L99WIZ5j7N:wdk9QYuNkKDIJl2keN","tlshash":"e9b2e15c95951576e04f0ab1cb94041f4b0de5510b56effcbd5069be33bc082fae4ae4","first_seen":"2025-12-04T02:48:57.369785Z","last_seen":"2025-12-04T02:48:57.369785Z","times_seen":1,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/themes/ultimatube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxdominicano.com/wp-content/themes/ultimatube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 77160\r\nlast-modified: Thu, 13 Nov 2025 22:49:53 GMT\r\nvary: Accept-Encoding\r\netag: \"69166091-12d68\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 360950\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gEWiTLtO54O4sLHGAP4%2FKIEAGYNXZpJO9D97%2FVQRjh5rZSVMbTMZ9PZOou6jaz%2Flaf2xywpShNj80uUnbKS8jjUDbhud4sy0O52mAVa8XA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9a87fc11da7c7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and 
website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-20T13:55:33.784509Z","times_seen":433178,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.211.3","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: 
nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 02 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 02 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 113148\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-20T13:59:38.920906Z","times_seen":751132,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":50,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tm5r00enbwg8.s4.adsco.re/","fqdn":"tm5r00enbwg8.s4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.171Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: tm5r00enbwg8.s4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":510,"timings":{"blocked":0,"dns":325,"connect":183,"send":0,"wait":0,"receive":0,"ssl":-1},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Schoolgirl-Madison-Moore-getting-fucked-hard.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Schoolgirl-Madison-Moore-getting-fucked-hard.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce862-295bb\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 95621\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ODxWLnGt9F8XpUj9Y8%2FF4YNftMDESkM05dfNooYNb3YTTUoDI%2FTkzSapPvPAg%2BuhrRUdtRGZ%2FKoGeWMakbdfXggGrtQoVjmuPqJhfCsJ8A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea697131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":169403,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 392 x 220, 8-bit/color RGB, non-interlaced","md5":"026f3bdef24f747527ec0938cd616a70","sha1":"c93d7cd454fa691275880660881847f2e049eee9","sha256":"16ed3b4246270b310795cd5e42367becbe011542150e870563c11eaec22a5498","sha512":"873c02f5b8c13f8b7e58ce6dabcf35741f8fa3f1d0614d451adab350c055b4cd763e3c74be1f6aff8b8c79c11dea4425b6554cee095516a49d47b682c2f924d8","ssdeep":"3072:9P1FAqv/6/VemPQQLEDbQ6wQVTzmIBajArfTrgePFHQBkYURLJY4zwol6FtC:RAq3T/iajNhBa4fT/FwNqXF0tC","tlshash":"d8f31309fc019e2d1392e548550282caf9afc78d1ce43691d8a6f7d5e90e0f87cab567","first_seen":"2025-12-04T02:48:57.371315Z","last_seen":"2025-12-04T02:48:57.371315Z","times_seen":1,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":119,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Dominicana-Darelin-Willmore-Video-Porno.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organi
zation":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Dominicana-Darelin-Willmore-Video-Porno.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce856-516a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BeJYU563WdppEOD6gqM5Pavz6CoEpCwNdpS7EjRgpGUrossK5IS%2BtBSxasG0rG7LNqc0LAtT7q49cpSGNNv2vbdnMv81%2Bmr%2FUpkkf8Makw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa6f7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing 
content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20842,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 392x220, components 3","md5":"47b84ab915d071564fc9f0b38cfd873b","sha1":"0dbceda7d92ebd2f2c2aa6e1c177d5d6ef4ef9f3","sha256":"d60f07b0ac5dc975780f551ee02828dc8fd60f7087893fbb268382caf2a996bd","sha512":"23618d89ce2269594e6d2be386f86a5d7d78253ffa66a5a35f95ac16d5f4f99d4b38c00bbc3a5aad9cea148c9fd4fb075cc9bbfcc6f9d76fc59928e512276e28","ssdeep":"384:5r3A5ifrL6k+ba6DZu6ySw/PtTxodo3SeJq8GRBGoIJIRH:5FCnDQ6y3/P9xHxNGRBWJIx","tlshash":"ff92e15a96c6c0d7e16f06bfbb4c493193d0f50b16a2ab0f71d0a22c4774150cf493b2","first_seen":"2025-12-04T02:48:57.372698Z","last_seen":"2025-12-04T02:48:57.372698Z","times_seen":1,"resource_available":false,"data":null}},"time_used":714,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":138,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/watch.1441467147060.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SE
RVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /watch.1441467147060.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nlocation: https://realizationnewestfangs.com/watch.1441467147060.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=472b21c28b533812a21c1aa763ee0979fd5384556224023d921aaeeb2973062b99a99bfbe0361f64346f065d2bbe4e32bb953b10275b1ad45de0785519079c31e8137b30cdd4b3a22b31ad1ddf8eb3555b2c78cce384583aefac02\u0026pst=1764816564\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ILzQ5ASexXfPuQImxhEB_q2eeDZt8hwcZa16bM980p8; expires=Thu, 04 Dec 2025 02:49:24 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3b6a62ad84e513c3653d6d080680c714\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5272,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":62,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.319553895330.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /watch.319553895330.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: 
https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nlocation: https://wayfarerorthodox.com/watch.319553895330.js?key=8f6edd1e8ad7befc4a63b2a2e89e457d\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=4e022f0f9bb8eed3f0cdf7f6881afdc3a6c6437dc371dd86e5d13c7fa2edd663e0292eeb4446959ef5edea5f33a265e6ba77c7323e1de6142ac191a35a35932e5a88c5a521e913555613fc71282b0391fd0b2e709354533167ce89\u0026pst=1764816565\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.pNzYoQxkVbAeCDyC8aKeE1-nCeSPHSD7rCJOChWvoIU; expires=Thu, 04 Dec 2025 02:49:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8a8ae640450aed16a1a27c816520bcdd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5270,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":281,"dns":1,"connect":92,"send":0,"wait":96,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/82/6d/ff/826dff6ce7bdc9d9bafe9427b1dcc25f/1708593422.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/82/6d/ff/826dff6ce7bdc9d9bafe9427b1dcc25f/1708593422.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:25 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 88404\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 22 Feb 2024 09:17:10 GMT\r\netag: \"65d71116-15954\"\r\nexpires: Sat, 06 Dec 2025 02:48:25 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88404,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 728x90, components 
3","md5":"6cabf293f6dd2089fe235e561e877699","sha1":"722bb84fc13b75838da8a5cab686ca6bb002efd1","sha256":"924c4fb246fe05127847d6b89fa74d312a916063d562d6146f46b2d4edf11129","sha512":"c5f7e4b86339f3cbe7d88114e04152dd9ef4afee95155ae912674572729c26d897b5960ed1ae456d336bd7a56ee445b7de82269d277a39a24597f332c896a58c","ssdeep":"1536:9IfN50xIUlFzsFDgzDv1uOiGKDaBMQOHwt+Ib5Fa3z8zjNN/0SsWEYWf6M9S8L:kN50xIaFwFDgv96DaRJb5FawFxGnrS0","tlshash":"eb8312f07b3bf0996e796b1eac5377a37ec51b0f1087442668e66871f28711b6088b35","first_seen":"2024-02-26T00:15:23Z","last_seen":"2026-02-14T21:46:43.678716Z","times_seen":37,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":76,"dns":32,"connect":19,"send":0,"wait":38,"receive":38,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET 
/wp-content/themes/ultimatube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 13 Nov 2025 22:49:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69166091-7918\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360950\r\npriority: u=2,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I7HyFP6Bz1B2KBlE2pzYD4xYgL5g5EAKNliu5oDOfWme4VgiRh9Tq7LBqBIrs3O0nbvkcjBSGWcE5YQC4mE3fWUDNhrP2B6yX%2BGZ2p4P3w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dca567131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines 
(30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-04-20T14:02:01.613976Z","times_seen":247312,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Gracie-Bon-having-sex-with-the-Uber-driver.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Gracie-Bon-having-sex-with-the-Uber-driver.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce887-28904\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 50439\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2Y8pjTlgS%2BBmtTvinyRSrFARqACcyoYM%2Bpbx1sh4xSkdqGTeqEOzucuK%2BDzavEKIAezU5Se7hgeVjsAjcLELpWvi8N81BraATjR%2BjR%2FJmw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea5f7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":166148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 395 x 220, 8-bit/color RGB, non-interlaced","md5":"5f3cbabec75713349572148646accdd5","sha1":"a43836f0cc614e0707ce94aa74194a3b4f9ce407","sha256":"8c7fd30780e8150243384be9920c94a04a11ad3bdfcebdcaa40b150712f23403","sha512":"473d8e7523aec968b50814baf96cc9658b6b0e8688d7e1c0cf73b3df96b694d55df45ab0fc5f69870296ba975adb29b1342ddbd5c60ff5080ca24d7e040cff73","ssdeep":"3072:ReUq5nEQ0txJwUx7Md27XMiiaoW+lDMjyjy8dGUBpQwHBl:Re15nva6UFMLbaoWKj1oUB22","tlshash":"60f31287e622b6159ed7fb4470f78c394a234d050c31021f469499ad0873eeafe8e9f9","first_seen":"2025-12-04T02:48:57.374974Z","last_seen":"2025-12-04T02:48:57.374974Z","times_seen":1,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":115,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Policia-Allison-Palvin-Follando-Duro-A-Su-Vecino.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization"
:""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Policia-Allison-Palvin-Follando-Duro-A-Su-Vecino.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce866-2840d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OWHhRB%2BjqRhWYJ31JdXvU%2FUhXSb%2BAxjHLn3pzkEciBIAorx529rWIIV09UxaS5zxU9t3aq1tYiv%2FLA92LA3cgrwP9Nc4zJP8T5f%2Bo%2BNb5w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea687131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security 
company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164877,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 377 x 220, 8-bit/color RGB, non-interlaced","md5":"df9c855d35c2065b2f606a026fe1f914","sha1":"63ca5d80b1c5f49c1db8794b5409fc671049a4f0","sha256":"27300c7b65233cc76d330fc46ab63932e4eccbfda424d822bb7d95187adbbf90","sha512":"8ea23e8069fd7f5694b39286beb0c1c22b7f5a81835c248bdc3486a1b47ccfbf63353e7f0f444a2487b704e384bf70329c975ff7ff40e2e127c28e72096bf4d8","ssdeep":"3072:SOERQEqW9ZoyzfEAT9j2orV3gxnH1V0u8gKDCkIcW7KEINLrnDdgmqM5V:xE7HoyzMS2g3g9HrMG/ccKEIZnRdD5V","tlshash":"19f3121fa66aacc10c01f88523f8ee576e734af0c5749cef8acf6f4b696c1610d1a525","first_seen":"2025-12-04T02:48:57.376092Z","last_seen":"2025-12-04T02:48:57.376092Z","times_seen":1,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":120,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1836\u0026rd=1836\u0026fd=589\u0026bv=25.12.2106\u0026tmpl=70","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1836\u0026rd=1836\u0026fd=589\u0026bv=25.12.2106\u0026tmpl=70 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: 
Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":691,"timings":{"blocked":316,"dns":1,"connect":92,"send":0,"wait":94,"receive":1,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: 
*\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: be9b2c0fb965edb885ed1e530415ead5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line 
terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":695,"timings":{"blocked":305,"dns":5,"connect":92,"send":0,"wait":102,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2024/01/xxx-dominicano.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2024/01/xxx-dominicano.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 24 Jan 2024 05:05:02 GMT\r\nvary: 
Accept-Encoding\r\netag: W/\"65b09a7e-2da8\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360949\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5hA9l3mOyWwTj4wmyt4JJ1Z0GrS4yG3cpN07LzmdJ%2FVBHr85nGra3Vfdg8v9FJNoA6DL%2FZn%2Fbc46GgEiPaE0CIXtadOatOd5L92ZqTHmjQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dda5a7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11688,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 100, 8-bit/color RGBA, 
non-interlaced","md5":"8562ca7f9b51275407f3d1569b704d88","sha1":"6836958b10515be991de6ab17eb322b3a7be7586","sha256":"fc69c86b89b2a051ac9080e225f4474a0f80f96d7009a1631f128edde7886e72","sha512":"b94d111fa1a0f299799e9867c8d5ea978bdbe23f253ffd78b007c4f111af7c11ebbb67a4133154192badfddbc82c1a9b3bef7731e31d872aa87061c865b24877","ssdeep":"192:eyXTpdSsdA+7AZexrMLYr0G7p0RLrR+giAxMbcHLtk1gjOhZUk:FDp3LYe6iqRLrRPiAqo5k1uin","tlshash":"9332bfce94b77919a69b7037438c0780b8579f00c3bc9f530c2679eee63344e762a840","first_seen":"2024-09-28T07:18:20.945971Z","last_seen":"2025-12-04T02:48:57.377064Z","times_seen":6,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Video-Xxx-del-Artista-Dominicano-Zojord.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Video-Xxx-del-Artista-Dominicano-Zojord.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce885-666c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 50438\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CHaduOHYWI3nWtGPDcrSxxATl6imotB1IJUQRU%2FgmbMzaKifsnX1itlK662kYu4hhOApe1vAfWSIWK6voEP9G71CXXX6SebZRnLGvM%2ByBw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea607131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26220,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 376x220, components 3","md5":"034edaf3a1ba3fbf6a1bbf2d6be6c68e","sha1":"cdd38fb344d7186d00db537654709f8fac8d6977","sha256":"151e9bfad02b6433425172ee0c4d691a963cbaf6883c580addcbe0f391035a1b","sha512":"a1530b67aedb16fabcf5d011997369883f118242fdb4546c82fe16bf5d292fec231a139f0c474847fe4ba0741d36d0c7094b51884fc264fae75151072430dbcc","ssdeep":"768:rPsmF0btnR3frmueLJnePDEFWmh0zSxRzQp:gmFQtR3nAegFW2pc","tlshash":"41c2f17b33245110eba92927c0ac1487d5519ffcbef109e6b6983d6d33b643687f2286","first_seen":"2025-12-04T02:48:57.378093Z","last_seen":"2025-12-04T02:48:57.378093Z","times_seen":1,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/themes/ultimatube/assets/js/main.js?ver=1.5.0.1763074193","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"common
Name":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/themes/ultimatube/assets/js/main.js?ver=1.5.0.1763074193 HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 13 Nov 2025 22:49:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69166091-a413\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360950\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TlRIV%2B%2FSN18vexW0rQ7IYMbI1npJdq5kLwv%2FLTYAf5x9VgfqJ8PSQ4urfJ4kgikCqGjX5SnWv58gLBtuNlh%2BkbM4WQzEcxuzZ6332FsqaA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0e0a737131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and 
website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42003,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"2307570753a76f7a80d5d93a29e54863","sha1":"db66a97b99908d3cc6aad20e7f45f220c64d2a65","sha256":"3ce74aac2e796739cdb2a1c3b02e673bc02e00154346cd90397815b9dd88f7ac","sha512":"c2b04a1f7d3ad84557ee4f806f10e0cb78f4641d703c6d240a66fa2c1735deabc62e1b74594d91797d385f32655d56a6390770766c2943125f1ac97d88e3f2db","ssdeep":"768:nEt1Rlb8ueedpBfrvXKAIF7BBtP/nIwsnD19VkWAoO:Et1RG0bC71nDh","tlshash":"5f138589f77c255a867a30de6c7f12dc353d0135a802086ebd2ca6e528e4b3d7396d39","first_seen":"2025-08-26T17:13:50.347369Z","last_seen":"2026-04-17T14:00:53.097696Z","times_seen":625,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/52/3b/eb/523beb7e5e7b4667b53c4d050c3ebe93.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /52/3b/eb/523beb7e5e7b4667b53c4d050c3ebe93.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31458\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 
1970 00:00:01 GMT\r\nX-Request-ID: 4c724ddd45db642939a83bf2a691d779\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":81858,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"8a70be608264de14e8df960c8852f4a6","sha1":"098c66382e201bf563e88e376e45d42c79f119b4","sha256":"f835a681768492c84afde5205d9b05582dfe9e1684a24641ff3c6d5c50c112c5","sha512":"76987009d22c96ecddbfc673409543959a4d9ca21b2973f220005c36436b32385e20e92c6ca522e5ba2dfa68dc9434c901b1e93960a561f66113094191db72af","ssdeep":"1536:h3Zs5j4xaqmOxXUZ0ob3meMv6IqyiB+9be5:h3Acx//xXUofv6fOG","tlshash":"9283c88d7f99f1ac03527072722fa21ef0290d126098d1a4e253f5fdaf78729e976b14","first_seen":"2025-12-04T02:48:57.326582Z","last_seen":"2025-12-04T02:48:57.326582Z","times_seen":1,"resource_available":true,"data":null}},"time_used":640,"timings":{"blocked":258,"dns":0,"connect":0,"send":0,"wait":100,"receive":93,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e8a20b4e4027fe63d5881a5eaf92a218\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Debora-Mendes-vestida-de-bruxa-chupando-um-pau.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Debora-Mendes-vestida-de-bruxa-chupando-um-pau.png HTTP/1.1\r\nHost: 
xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce86e-691b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=arsqSRFVo82zYEv6B4JVp4GRLn9EgafTgPqWhcVRIC3i2RQMKSS1SvQSXRJVzP10MyHQrcrhRTVSXXlb0MoBsdDWg7oSxi7tHscjwYSZ%2Bw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dea667131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26907,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 374x220, components 
3","md5":"f5bef3b0784c6d8823265c65e2551483","sha1":"2dbcedb59538c4ebf943a8c66e77cbd81a095f4d","sha256":"659a8fb67f6105a5001a1cc07ecf6069fd36b15dc14d4369adb6bcf2bc4dfb11","sha512":"b2ae7cb5362e3583d2f4b93ab948df426a4b0f697e6ee56702a7d6b4389e67958952e3223b21fdd3e4cd1a442cc59428e739ac1459b9dffb3eb825330a001f05","ssdeep":"768:wShnFKaZY0PkkPzYVyeuvAuttKVBBN9vCuI+9BnxT:w8FKaW0PkVBuY2tOBNlCz+nxT","tlshash":"8fc2e1169fe503d3faba8820608fcb531b90e494b476cd9f61ab05a43327bc958d2797","first_seen":"2025-12-04T02:48:57.380214Z","last_seen":"2025-12-04T02:48:57.380214Z","times_seen":1,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 
GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b47c27ef89635dd48449b136de0e03db\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":526,"timings":{"blocked":244,"dns":0,"connect":0,"send":0,"wait":94,"receive":3,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 
1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6b8cd5a81190ac7d96e9567210d06fd9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":650,"timings":{"blocked":266,"dns":1,"connect":93,"send":0,"wait":98,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pixel.wp.com/g.gif?v=ext\u0026blog=245855071\u0026post=0\u0026tz=1\u0026srv=xxxdominicano.com\u0026arch_home=1\u0026j=1%3A15.3\u0026host=xxxdominicano.com\u0026ref=\u0026fcp=1950\u0026rand=0.163774253463706","fqdn":"pixel.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Oct 2025 19:44:58 GMT","end":"Sat, 03 Jan 2026 19:44:57 GMT"},"fingerprint":{"sha1":"E9:63:7F:0C:6E:C3:A6:C6:27:94:43:17:2D:51:5E:E2:3E:DA:FB:16","sha256":"7A:94:BE:74:03:C4:90:D6:E8:ED:98:EB:0F:DC:60:BE:D8:2A:DF:82:3F:DC:85:70:4F:C1:10:52:E4:F5:75:81"}}},"request":{"raw":"GET /g.gif?v=ext\u0026blog=245855071\u0026post=0\u0026tz=1\u0026srv=xxxdominicano.com\u0026arch_home=1\u0026j=1%3A15.3\u0026host=xxxdominicano.com\u0026ref=\u0026fcp=1950\u0026rand=0.163774253463706 HTTP/1.1\r\nHost: pixel.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Thu, 04 Dec 2025 02:48:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 50\r\ncache-control: no-cache\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 6 x 5","md5":"e4d673a55c5656f19ef81563fb10884c","sha1":"1f2d8ed221d39329251ad3a6ff1edb20b7219443","sha256":"f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1","sha512":"e0b03411282a979cf772f700d9e5634b0c25c612e380ad33c0d59059b1b479d027016d5beb148403ef185430db35f5faed362f36ce2c8ecad0e6d8e30cea97b4","ssdeep":"","tlshash":"69900201f9a08180c1206535091a035c62049256490443062255751c5d546650616254","first_seen":"2023-04-05T23:53:38Z","last_seen":"2026-04-20T14:03:09.766938Z","times_seen":84378,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.155143227167.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=0c7fd5b8688d13314f98f215abc0f5f03d7ae15d9579c52e70946b49157b9178af9ce887b15060fe66eaf8f54d2652965743e4d06441de805f2755425f5780babdd0df46c8c57d666be28167185d06212675252a77e1d53322b830\u0026pst=1764816565\u0026rmtc=t","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /watch.155143227167.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=0c7fd5b8688d13314f98f215abc0f5f03d7ae15d9579c52e70946b49157b9178af9ce887b15060fe66eaf8f54d2652965743e4d06441de805f2755425f5780babdd0df46c8c57d666be28167185d06212675252a77e1d53322b830\u0026pst=1764816565\u0026rmtc=t HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.ILzQ5ASexXfPuQImxhEB_q2eeDZt8hwcZa16bM980p8\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 
200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: text/html\r\nContent-Length: 3267\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; expires=Thu, 11 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\nu_pl22039038=1; expires=Fri, 05 Dec 2025 02:48:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 12\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7664a0b19edc70a981e41aaedb133591\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4840,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (2414), with CRLF, LF line terminators","md5":"8977fd971754c4feb0c07d6051f4745f","sha1":"c8e5d214b5507beff9d43d2403ada1f2a176ec7c","sha256":"b03696087ee13b33909208f490ced9f40376cd0ca990c4cb914eb24355d0f5fb","sha512":"bcac9b4e727f2ab7b186df805fcfc29e5e98ab71e09d455b83fba9401c4f80116b5929440e4752e820bca3e4742833ed06c6672101381992474fb4365731de78","ssdeep":"96:8pJozowy6qIckxzDrS6ecqU9ok+2xlp8f6QEMHzzq1wDeCfMEDaH:NzoCqIckxPmoKAx+9TC4eCkCaH","tlshash":"66a12c7a1ec748bd2023406f62b7526a2f31510b9742de00355cf7c26f20d604e6a9ed","first_seen":"2025-12-04T02:48:57.382489Z","last_seen":"2025-12-04T02:48:57.382489Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pawgleamed.com/5e/5d/e3/5e5de3227afc7ac3a03bc643ab0fc1d6.js","fqdn":"pawgleamed.com","domain":"pawgleamed.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:23.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"pawgleamed.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 22:45:30 GMT","end":"Wed, 07 Jan 2026 22:45:29 GMT"},"fingerprint":{"sha1":"5A:06:C1:20:B4:F1:23:32:62:3B:CD:3B:8F:29:9C:9C:F0:EE:E8:8E","sha256":"48:1B:07:19:33:BC:BB:D4:D9:9D:40:9F:49:F4:C7:99:31:18:8A:7E:F3:83:A5:DD:1E:33:94:92:07:00:E5:FF"}}},"request":{"raw":"GET /5e/5d/e3/5e5de3227afc7ac3a03bc643ab0fc1d6.js HTTP/1.1\r\nHost: pawgleamed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:24 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38149\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: 
CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: pawgleamed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ce0e272a7bb52d9cbc63c8030b2b45c7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":106568,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"7d3c0df9ec0a00c5c87e9f2c41372932","sha1":"f62776fc0e734e04b0769f5c09c670068a4071d9","sha256":"155a2a2928be7f93d2f054066a129560476f4163395d1f8afd6b57f9add6725e","sha512":"c5b5bbf35b079c266967e7e18c2784293a3d54b901ad2577d37d744d39d33360bf849282dd7a0c22dd9c895ddf4d4734db47223b532161dfdc1cc488ab8722e4","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imf+:qXLD33COgu+bAKaSs","tlshash":"70a3c9d97f40f06d4271607a113fa00af25b0e46688cd59ce117f6a42fa865fe57ef28","first_seen":"2025-12-04T02:48:57.383586Z","last_seen":"2025-12-04T02:48:57.383586Z","times_seen":1,"resource_available":true,"data":null}},"time_used":868,"timings":{"blocked":325,"dns":60,"connect":93,"send":0,"wait":100,"receive":94,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"pawgleamed.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"pawgleamed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"pawgleamed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Pareja-god-of-sex777-follando-en-la-lluvia.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Pareja-god-of-sex777-follando-en-la-lluvia.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce85e-732b\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 
GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uXYJTeL1pI4P20pPZTeiOwos3TBxMh91IZLPaP2Hqa7Sje%2BlpUJQ%2F6HBC57I6z66jmvwAHKcw7x347keZvynuEOR0e%2FCyCJKwXSBuZUIjg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa6b7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29483,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 367x220, components 
3","md5":"ffd6d20351e00b13cfc6b48f72130539","sha1":"98278d6e16d7bdebd8f92080a04366dddcbd8de8","sha256":"74f4710edc2d3e77576b8d223f5403f777d40f777bac4c37f6e1344fb086aa69","sha512":"81daa69cf522bc6b419e6a8fc232aa392cd54539ee87cb5d2471083cb89955d058aa1aa460230865a7b5b775a9d311f30f73792a69ec9d578588ca7143e8fe00","ssdeep":"768:1OGD+QDWP/3CZ3H6nDhyG7TXndyNHhpBVwyieD5:1p+AWn36QDhyG9ythpkbq","tlshash":"72d2e063bb9e342dd23c5cb125abe520c681bd22d3e8b5a405c28d56b33a3fd8018bd5","first_seen":"2025-12-04T02:48:57.384545Z","last_seen":"2025-12-04T02:48:57.384545Z","times_seen":1,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"displayvertising.com/tgigldcducaagzhm?EjxRYGkz=BQOCAAAAAAAACZUAAjjTA7oiNEOMbBmMtaeuR9Nh6rl67GtZoVzvzvU3a2ppM00UQjYIyNUI5zxS1VgG4ZLopNSBc5XFv07sJCljDQq6F1sDBtmzB1lLUYILCj_T5kQqmqfTs2HIDlHK4kekhnCjPaJ_3l1JnVCs9LHsubUod1mkzZeoKrdHawGasaARwAaX2mv7wX6-3jNETK0DJ3F72jpn23-QHHp-RBKlJRJ27jVQPExKvMc8sQI65pFX9sNyLUWfPN7NtZof8atnY9pPmd6OopbtYdtW83B9aEk_3QG_AlLcuf1jj4zygdX-W-vQdss64p1GmgocuKnHyj5maWrLUZxCsGzKxgcCXyfWpy0dRWFUTY_i1ive9P4uSfI4AQTRYWqns0-5NcRB4G8m-rCPTAmEfQ1w1NFx-XIGLdSYP_4L2O9WMcltQ6TsxL5BK-Z4TFWey81FttXI3ViwQjcijonyzX1duiw2aKMYYbjrVfAx1AZTHV4m2t6PKYOiuffVsSC3AqzwvRRz8KaBLMYcdrD-F-7zuSez2L4PUcXDg2jEmT46dtCtA0i24hC-tgKlXpCVmbSuKAdE1AOZbre07wpnVxkAbl9XYj2xZ_75SoRAsIuRuoPSXlpNAbP_-yD_d24gErx6EDzMxp9_hshtIkoIJ8HXjZ59ZRVoeUGB5ywqMCSsmh5CHBdgcUDMcTunxHTxqqup7TbXZ0k4tGqfIl5nmW_vmEyHX9vThUukoaPc-gf1Hdn6YbqgV7O5y89yeMYLVivSInUu8QgCHHoM6QsT2-aMbJd8BKmOIRKOfTNKNL5WgA4ZQhmwjJLse9_x2Pgxi8sm13cAwX6jUs62tUNlt5Rh2sVzfJVX5TG6hlP5a0S7HVRbYU9dkUtH
W-FNoMpT5qZZmOkF6MVqincPR9N0uh-6i1zYpNHW5hds5j-J2juI1pPULVrgW8rR6-GmCguZULpZBmJ0ngMhBA-T9EKzkqlGuvhDNCUiAvj0ofWcI6QInpEaHYN0F8P1vBIqyLBKSKqZBvol0mfdqVNwzi7ZRR8DhaWbQEcqzFIazDOblX_5Jb3C5fT7xliHi0rgMaEZtcxfCjDsET51DjmMcB6u6a1POnc9jF4b1gDXCq6WF3d6cJ7pvOdJm1_3jnNPLz2ZMfzCAy3dh8xDnGsZQqNlWzG5WFPCO6BSX-u61DbO6Dx9rD2AeQpR\u0026ZuTQlfGk=4\u0026RuNLQPIA=5052482\u0026hIoiqAXM=\u0026WQYPONjC=0:1,0\u0026YBgCpDoS=\u0026rbWLkVKD=\u0026QTZAvFMB=1280,1024,1,1280,1024,0","fqdn":"displayvertising.com","domain":"displayvertising.com","tld":"com"},"ip":{"addr":"216.59.56.9","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:27.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"displayvertising.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 04 Apr 2025 00:00:00 GMT","end":"Tue, 05 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BB:A7:E2:24:FF:EC:EC:B7:A1:F9:77:02:9A:AB:B1:8A:AD:9C:95:5F","sha256":"D1:55:30:57:68:7E:A4:DC:AD:2D:9F:A1:1B:7C:6C:B8:5C:58:E6:3B:4D:43:6F:96:32:54:96:A6:27:2D:D5:0A"}}},"request":{"raw":"GET 
/tgigldcducaagzhm?EjxRYGkz=BQOCAAAAAAAACZUAAjjTA7oiNEOMbBmMtaeuR9Nh6rl67GtZoVzvzvU3a2ppM00UQjYIyNUI5zxS1VgG4ZLopNSBc5XFv07sJCljDQq6F1sDBtmzB1lLUYILCj_T5kQqmqfTs2HIDlHK4kekhnCjPaJ_3l1JnVCs9LHsubUod1mkzZeoKrdHawGasaARwAaX2mv7wX6-3jNETK0DJ3F72jpn23-QHHp-RBKlJRJ27jVQPExKvMc8sQI65pFX9sNyLUWfPN7NtZof8atnY9pPmd6OopbtYdtW83B9aEk_3QG_AlLcuf1jj4zygdX-W-vQdss64p1GmgocuKnHyj5maWrLUZxCsGzKxgcCXyfWpy0dRWFUTY_i1ive9P4uSfI4AQTRYWqns0-5NcRB4G8m-rCPTAmEfQ1w1NFx-XIGLdSYP_4L2O9WMcltQ6TsxL5BK-Z4TFWey81FttXI3ViwQjcijonyzX1duiw2aKMYYbjrVfAx1AZTHV4m2t6PKYOiuffVsSC3AqzwvRRz8KaBLMYcdrD-F-7zuSez2L4PUcXDg2jEmT46dtCtA0i24hC-tgKlXpCVmbSuKAdE1AOZbre07wpnVxkAbl9XYj2xZ_75SoRAsIuRuoPSXlpNAbP_-yD_d24gErx6EDzMxp9_hshtIkoIJ8HXjZ59ZRVoeUGB5ywqMCSsmh5CHBdgcUDMcTunxHTxqqup7TbXZ0k4tGqfIl5nmW_vmEyHX9vThUukoaPc-gf1Hdn6YbqgV7O5y89yeMYLVivSInUu8QgCHHoM6QsT2-aMbJd8BKmOIRKOfTNKNL5WgA4ZQhmwjJLse9_x2Pgxi8sm13cAwX6jUs62tUNlt5Rh2sVzfJVX5TG6hlP5a0S7HVRbYU9dkUtHW-FNoMpT5qZZmOkF6MVqincPR9N0uh-6i1zYpNHW5hds5j-J2juI1pPULVrgW8rR6-GmCguZULpZBmJ0ngMhBA-T9EKzkqlGuvhDNCUiAvj0ofWcI6QInpEaHYN0F8P1vBIqyLBKSKqZBvol0mfdqVNwzi7ZRR8DhaWbQEcqzFIazDOblX_5Jb3C5fT7xliHi0rgMaEZtcxfCjDsET51DjmMcB6u6a1POnc9jF4b1gDXCq6WF3d6cJ7pvOdJm1_3jnNPLz2ZMfzCAy3dh8xDnGsZQqNlWzG5WFPCO6BSX-u61DbO6Dx9rD2AeQpR\u0026ZuTQlfGk=4\u0026RuNLQPIA=5052482\u0026hIoiqAXM=\u0026WQYPONjC=0:1,0\u0026YBgCpDoS=\u0026rbWLkVKD=\u0026QTZAvFMB=1280,1024,1,1280,1024,0 HTTP/1.1\r\nHost: displayvertising.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxxdominicano.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npopads-node: wb4\r\naccess-control-allow-origin: *\r\nasf: 9\r\npopads-ec: ASB\r\ncontent-type: 
text/javascript;charset=UTF-8\r\ncontent-length: 44\r\ndate: Thu, 04 Dec 2025 02:48:27 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"d5f0a25e4d3522d56d48ce7bc3e518fb","sha1":"86794caff58f7fee6e684c2ba7195f970a8d6f4c","sha256":"9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5","sha512":"a3a81801f516a4eb11f00d6f56dab0ed4b8a79219e6b4f5436993479f09dae08f14cffbab3327ff66fb39201d8eba1153ae7114f7705a01cc6f0edf840ef1616","ssdeep":"","tlshash":"789002801814116115d1500b8d5159d01259b1a4540801324446ca502dc7883a415774","first_seen":"2023-03-07T01:17:45Z","last_seen":"2026-04-20T05:40:40.345222Z","times_seen":23469,"resource_available":true,"data":null}},"time_used":746,"timings":{"blocked":317,"dns":20,"connect":93,"send":0,"wait":111,"receive":0,"ssl":203},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"displayvertising.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2023/09/cropped-descarga-192x192.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2023/09/cropped-descarga-192x192.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1; pp_main_5e5de3227afc7ac3a03bc643ab0fc1d6=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:25 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 29 Sep 2023 17:37:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65170b75-68e4\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360944\r\npriority: u=6,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dKGNvF2rrArJ2qbfNrowjxSqxZKUUVQlLsuHzVhbZHvJZNu1TY6dxZQBvRyLtLolwi5w9iDI9eoLy3TPnsC%2FLpuEydDKfpvxHtPfMexY8w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc18aa9e7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26852,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGB, 
non-interlaced","md5":"2ffb663e223ec62e4ed880e074e68149","sha1":"b892952d8273b077a0dfd0dee45efa218193df7d","sha256":"d67e1c88703493a4af79d43c6fa22690200ef7d412d7deed1502b775b9832d89","sha512":"c66ba76e87ac7577aadb33df1bb6efa63a67c88a4ecd0321a1bc3180d544b4e08f8e870a2842b820439d297f4bc08c486e8dc382bf850178b824402137b3ac1a","ssdeep":"768:ShKy8MWM8r+s1PWHeOkOU6W8nbly4Yo+gvtWihLW:8sZj+cuLplntYoLjW","tlshash":"c0c2d0bd90c5d53c4582bae79f487cd98f4cf7215e06a2038a248a7bfac14dd90376e2","first_seen":"2024-09-28T07:18:21.495927Z","last_seen":"2025-12-04T02:48:57.386566Z","times_seen":6,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6.adsco.re:2087/","fqdn":"6.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.43.28","port":2087,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6.adsco.re:2087\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 45\r\ncf-ray: 9a87fc1b8a9f0daa-OSL\r\naccess-control-allow-origin: https://xxxdominicano.com\r\ncache-control: private, max-age=10\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-max-age: 2592000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":2087\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":16,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.157.43.145","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: 
https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://xxxdominicano.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1; expires=Sun, 02 Dec 2035 02:48:24 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"4ad67d97ad46f79c69e2b8c5484fb10d","sha1":"b7e888ed12beed1fb4c337ec8a48142ab96794a1","sha256":"c9065d99d74ac9625fe5c5294b27d12ba485f421593d5d7a61159af216def38f","sha512":"0276b86c10203370ced9e5681e488df2926372f73ff4cb80432680a10e406d52345280fde8561d849e31a783cb8c8417ecafda9e71adb6637d95905da3adad4f","ssdeep":"","tlshash":"8990044400c530515110550044447d503d4ddc314d01c43d1745dc05d4070f5c5c7010","first_seen":"2025-12-04T02:48:57.38743Z","last_seen":"2025-12-04T02:48:57.38743Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4.adsco.re/","fqdn":"4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: text/plain;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type\r\nAccess-Control-Allow-Origin: https://xxxdominicano.com\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: private, max-age=10\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":82,"dns":1,"connect":28,"send":0,"wait":30,"receive":1,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=5e5de3227afc7ac3a03bc643ab0fc1d6\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 
GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=5e5de3227afc7ac3a03bc643ab0fc1d6\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bfab7a96588be4ea0824e9be599d5223\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":281,"dns":1,"connect":92,"send":0,"wait":95,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Masha-Porno-Muy-Caliente.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Masha-Porno-Muy-Caliente.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:27:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce88d-25f0c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 360948\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a5r%2B2c3oBi8hm50%2FP%2FpFizMd1qcdk%2BtZmPZ2mzttHB6a8zIpluwuQbOkTm%2F4yJScCbDtt63nI0njHt%2FKKiUIwl4K2H9HDI44fLQciaD9Xw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dda5d7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":155404,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 381 x 220, 8-bit/color RGB, 
non-interlaced","md5":"6eaba0d8b9d4ae764c6dd1c1e5a467ec","sha1":"b966ab1be688189fa2b1f767ef9a7c746a91acd9","sha256":"a42d47c7a15c3a2935b8bb70d37c024e5d04f9e43a9b07a00b7743874a0d2b6c","sha512":"a98f77e74512694b4e8197ccca59a4d8991dcca14daf3c4b89e91025f45bbc55d87620a3b6d9d3024a3bdedb264218c721dbc453642f84c783167a9b7699e2d7","ssdeep":"3072:7q9ticjraesuO0e6We/g2bCjp4Zs4fs6Legwx+Qi4iYBDHuMlA:s1jZjg2nN06+0H49xA","tlshash":"f1e312b4e137d15b47fa512160f3b82c34e975e447e3252a48dc0d2f4a089bdba2d7ad","first_seen":"2025-12-04T02:48:57.388257Z","last_seen":"2025-12-04T02:48:57.388257Z","times_seen":1,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxxdominicano.com/wp-content/uploads/2025/11/Video-Porno-De-Leyne-Rodriguez.png","fqdn":"xxxdominicano.com","domain":"xxxdominicano.com","tld":"com"},"ip":{"addr":"172.67.156.153","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxxdominicano.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 29 Nov 2025 14:31:21 GMT","end":"Fri, 27 Feb 2026 15:31:18 
GMT"},"fingerprint":{"sha1":"79:8E:BA:E5:80:9D:44:FD:BD:F8:75:43:85:EA:6E:E1:D4:8D:7A:A0","sha256":"8C:9A:BA:1B:5F:C1:BD:A0:E4:F9:A9:CF:7A:F2:77:68:27:9C:83:0B:02:4F:CC:8D:E8:C3:2F:2E:55:FE:77:B1"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/Video-Porno-De-Leyne-Rodriguez.png HTTP/1.1\r\nHost: xxxdominicano.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xxxdominicano.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 04 Dec 2025 02:48:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 18:26:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690ce85c-799c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: br\r\nage: 319357\r\npriority: u=4,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CCxlMFUBVmTE9i3gH13HnVgkaed0etbUGFnn1Y%2BCoHFSMYV0BTMAbTT%2FFBQddWhXKBsPo4ha4EO4Xxk%2BwqVtzQrmEVp%2FMMmVJ%2FLit5HQcA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a87fc0dfa6d7131-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31132,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 380x220, components 3","md5":"63772aa27822580e4a6b65d0ff33d64c","sha1":"0c32fd687567df7400278b3988b06d593a81cc82","sha256":"30dd4be65c5697fe6bbc409ba5eefc9eaa40b9a2b7bb7e501225d4d10e8b75df","sha512":"b15a3e271a442e08fb7605afcb56f7fdcfbbf75f6c757504c07f843e13d1d032bf66a2c03ede4129ffcb89963671600b0380ca670cd6f757bae894e1de2d1c28","ssdeep":"768:HZuTitZ5Mk7OyPvpdAAxtVdnN/sWJEJFlwE0rg5dSSjUj:53Z5Mk7OyPDFxxaWW9Cg5d96","tlshash":"00e2f1a2e413b539f11eaf2350d306cb3cd5843f65b4a0a915b7628af3bcd6e456103a","first_seen":"2025-12-04T02:48:57.389131Z","last_seen":"2025-12-04T02:48:57.389131Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"xxxdominicano.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.157.43.145","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffins
pector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uid_id2=963cd7d6-483e-4c5b-833b-1d14f3b94e02:2:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://xxxdominicano.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"4ad67d97ad46f79c69e2b8c5484fb10d","sha1":"b7e888ed12beed1fb4c337ec8a48142ab96794a1","sha256":"c9065d99d74ac9625fe5c5294b27d12ba485f421593d5d7a61159af216def38f","sha512":"0276b86c10203370ced9e5681e488df2926372f73ff4cb80432680a10e406d52345280fde8561d849e31a783cb8c8417ecafda9e71adb6637d95905da3adad4f","ssdeep":"","tlshash":"8990044400c530515110550044447d503d4ddc314d01c43d1745dc05d4070f5c5c7010","first_seen":"2025-12-04T02:48:57.38743Z","last_seen":"2025-12-04T02:48:57.38743Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.155143227167.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:24.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 
GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /watch.155143227167.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxxdominicano.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://xxxdominicano.com\r\naccess-control-allow-credentials: true\r\nlocation: 
https://sourshaped.com/watch.155143227167.js?key=61fa5642046c4327085e4f22d6209b1b\u0026kw=%5B%22v%C3%ADdeos%22%2C%22pornoxxx%22%2C%22dominicana%22%2C%22peliculas%22%2C%22sexo%22%2C%22xxx%22%5D\u0026refer=https%3A%2F%2Fxxxdominicano.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02%3A2%3A1\u0026shu=0c7fd5b8688d13314f98f215abc0f5f03d7ae15d9579c52e70946b49157b9178af9ce887b15060fe66eaf8f54d2652965743e4d06441de805f2755425f5780babdd0df46c8c57d666be28167185d06212675252a77e1d53322b830\u0026pst=1764816565\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyMjAzOTAzOCwiayI6IjYxZmE1NjQyMDQ2YzQzMjcwODVlNGYyMmQ2MjA5YjFiIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNDQ2OTYzLCJwaWQiOjQ0NDg3NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxNiwiYWlkIjoyMywicHQiOjQsInBrIjoidjkzdGdrN3IiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly94eHhkb21pbmljYW5vLmNvbS8iLCJ0eiI6MSwiYXIiOltdfX0.ILzQ5ASexXfPuQImxhEB_q2eeDZt8hwcZa16bM980p8; expires=Thu, 04 Dec 2025 02:49:25 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d282b2d8ef61f65c0efedaa044ee1fce\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary 
Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4840,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":638,"timings":{"blocked":260,"dns":1,"connect":92,"send":0,"wait":96,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:25.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:25 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 
46929cfeee1cc7efa03eb8a6c5940cb3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":59,"dns":0,"connect":18,"send":0,"wait":17,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=523beb7e5e7b4667b53c4d050c3ebe93\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET 
/pxf.gif?uuid=963cd7d6-483e-4c5b-833b-1d14f3b94e02\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=523beb7e5e7b4667b53c4d050c3ebe93\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=2 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Thu, 04 Dec 2025 02:48:26 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3c7f4b28abbdaf743bea351c4201f611\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":668,"timings":{"blocked":286,"dns":0,"connect":94,"send":0,"wait":94,"receive":1,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-03","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-12-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/55/59/3f/55593f6bc2b1d4841f5e18d8a15c4667/1708592825.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxxdominicano.com/","date":"2025-12-04T02:48:26.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/55/59/3f/55593f6bc2b1d4841f5e18d8a15c4667/1708592825.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 04 Dec 2025 02:48:26 GMT\r\ncontent-type: 
image/jpeg\r\ncontent-length: 92638\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 22 Feb 2024 09:07:13 GMT\r\netag: \"65d70ec1-169de\"\r\nexpires: Sat, 06 Dec 2025 02:48:26 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92638,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 300x250, components 3","md5":"3fe768555bd54b82ad81723432de8c3e","sha1":"2ac5671ded7c34b91fde5e6d2250415dc2abfb38","sha256":"b9d3f360c16e6b138fcacdc47f07d19bdffefe1af24fb47f7b4add145d84e588","sha512":"578fef4941906a382af36c2018456c3774ffa2926747dadcb19a916c08c3cb4341c2b3306a7c6589b77cc161422d3cd61e877f7e8f7615eba7a1ef5f9da15d89","ssdeep":"1536:W1hM4VN0239hLwBbQUlHG89GyuFyyHxYnUIJ/jWdwdeOJkbBNR6M6UExKwzlic00:8nV22thLwuwHdUyyxxYUIJ/3IOJmOMZW","tlshash":"239312b4573ad04d3899c6d94f4cb91d4db3ca58009bdc7a0ff85d62ec92b0f6d62068","first_seen":"2024-05-02T09:37:49Z","last_seen":"2026-04-18T13:03:22.533271Z","times_seen":82,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
