{"report_id":"e9143f1b-4f4e-45ca-9e7a-870fb927a91c","version":0,"status":"done","tags":[],"date":"2026-07-02T12:49:07Z","url":{"schema":"http","addr":"processhacker.net","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"processhacker.net/","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"title":"Process Hacker - Advanced Process Monitor for Windows | Free Download","dom":{"size":110264,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (334)","md5":"f000d1cbc9e6c81d4e057083a4ac9e78","sha1":"68f8993bae91e37ba39b4ee553ce929ba9065b4c","sha256":"d86e034227b8a1499f999fa1092870694f1af46836aecefd6c0a4f7d597fc9ed","sha512":"2214c95737a6575beed5044fbc2ba68be795b26609db8f3940c7219b02d6749be9615fd63d133b92cdf2ecb6ee532bb8be3882ee43766541155bf7d2541b1a45","ssdeep":"1536:Ceg9hnsSOfpBJJfSegxkwmmsH5JQ4MLd3G2Usos+OyQi:j6egxkwmmsH5JQ4MLd3G0i","tlshash":"73b3863472f1507a7ca3a3f5e79d322d7e29d05bd91b8998b5dc41209fc2af68d83a10","dom_hash":"domhashcb1d0cf9d875231b8c69aadf5ef2a2d1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"processhacker.net","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T12:49:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"processhacker.net","ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-30","domain_rank":0,"first_seen":"2026-07-02T12:49:09.035152Z","last_seen":"2026-07-02T12:49:09.035152Z","alert_count":52,"request_count":13,"received_data":236738,"sent_data":6525,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-06-28T22:30:22.905773Z","alert_count":0,"request_count":1,"received_data":485977,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-06-28T22:47:06.167692Z","alert_count":0,"request_count":1,"received_data":277410,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@tailwindcss/browser@4","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ab42b0053e976bc3a170bb73eb47e4a","sha1":"72ffa8579bed201cb460a4d929f91e62a08ab606","sha256":"d04446c80203b7517ca833115e9bdcbd87f1ff709a9f4f7ca48804604129d782","sha512":"99037b4ad0b354997eaf089e5adf9afec0ccea6b9c15223adfab27d897fc4877c105d68bfeb093ea1c04e9aff378393131689519862e1385a478cb9157abb99e","ssdeep":"3072:O3M3h4O2WMhWAY/LBcDcQKwod0PNTsVPYoYZGJtgXoul5VWR8cWiYVSi5+0Lra2Z:D2OT7jaWsNxy0uOz","tlshash":"cf442b353603a03e5fbb43da20de6004d62e6b65a75841e8f782d51b21e5af809f7f39","size":276272,"data":"","first_seen":"2026-06-30T06:12:31.279404Z","last_seen":"2026-07-03T03:09:44.104071Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/common.js","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb3c5268d8a536497e92c1365655aeec","sha1":"7747fc1635564c841bb3e9e2162a55e7734a9fcb","sha256":"e5b75cf20f2cb0312071f92ad42a82edb2d94e7359db0c5b35b5707101669943","sha512":"0bceb94e374075bea7dc4676e63991964db7fb96256ba031ab28317c2af4719de7bba8262d27c3e7ecf6e76ccc920fbae30d3f26e15e087bcc9c6f7396fbf6ad","ssdeep":"192:MrW6LQXa7ilay4cOT2P2B262p24u9K2N2X2G2Ccf2v292LWuK232LS2N2X2G2nz8:0f0vSkCFUVqW/mwasu85qW/cffVzU1","tlshash":"21e272bc63f4126d90c78361a79a397c683dc163f617844cb27d51b2af83c1a9793ab1","size":33437,"data":"","first_seen":"2026-07-02T12:49:13.494443Z","last_seen":"2026-07-02T12:49:13.494443Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d7ad44ddfce72a27ca2fecb1357e1003","sha1":"da70d3a903450c4cd10f201d6d2cc782cc5e6351","sha256":"9455360f881f92910689aad76ee0d8c50ada00a6ece2c62df0c9347b2a994616","sha512":"f1ceb6dc3e68988e4bad05ab55e50fb6ec2b0df4b4deb8f8046fb96cd7ea8d456e061bc5d207b93ca106f97a98a839e814ec713011c65d97f85af7f8bfba4a7d","ssdeep":"","tlshash":"b8c08c88210b0cb059a72b024bbfa300b009320194909920380f23448f21d07a764824","size":160,"data":"","first_seen":"2026-07-02T12:49:13.521769Z","last_seen":"2026-07-02T12:49:13.521769Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7840b15e212e67aa01ddd735815fd96a","sha1":"2b39db924280e28d0ea0daab4ca093fe8a9539ea","sha256":"eb0f22a2f5720275343bb0ae67bdb970366374df9a23a3d2fd730e62e8d9fe1b","sha512":"ce9d77996da6923a582ce2574d902b47814deed7ace425b6d3c1faf99f8c0e3a69ade5196d8d263a5000acf0f5e245b733b38e2f2fd3a40dc20de91ce0e17ede","ssdeep":"","tlshash":"f6e0722a34c6003a42b759a623b7810a25272b0bc48ecb12ba9fc8a61f24ca5040250c","size":319,"data":"","first_seen":"2026-07-02T12:49:13.5229Z","last_seen":"2026-07-02T12:49:13.5229Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8664153b0ba8b289c29574b9c232b0e7","sha1":"fc55088f8e75822afa846e6ba02f591f1472b19d","sha256":"03e3ac6c038bdc562b12eaedc6eaab9b84ae6a1f62f4e3cf0ba50e313933e967","sha512":"c0fade45dbf92c9f06b56cd4594f10d437c4ad75c3a905dc3b60b43b1167e79eb86ea96e3f6cc383bbbd25533c342af184c20a69a101bca356503af672760525","ssdeep":"","tlshash":"90c0806bab991531c133f05a3f6da5562577510233005e553e0d19480f44a549761b14","size":180,"data":"","first_seen":"2026-07-02T12:49:13.525638Z","last_seen":"2026-07-02T12:49:13.525638Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/script.js","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dae87d74e13a2eb18b836072d2a943d7","sha1":"f469b143f3f816cc95d0a326a709f14a7077753b","sha256":"bb8241e6acba86dc64dc1c3af48780df9a68c42021465cd794658f2b3748c57b","sha512":"6d1dfd8a185c22fa1155fd7e9d1401858715329e4c60fb0e117fd0338cfea1246d75de5fae97b0f9e75644e3588b1763de954df2e4c66d4590e40a38f9ba9c06","ssdeep":"","tlshash":"7971e02f62f7257546b37176838fa3497221108b7401e9543dad8b482fd366109f3edb","size":3823,"data":"","first_seen":"2026-07-02T12:49:13.514419Z","last_seen":"2026-07-02T12:49:13.514419Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-KVE1B9WL26","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f1261ff6c2a8d5daf19ed9d46561359e","sha1":"afaaa7a80d8ed4de4a72411c77f7671585607b90","sha256":"af31d31327e95e1cd97447631024390f5cc9b97cb95c3d63213bab07f49c2dbb","sha512":"8484316a812e41ca2d601bcf5a95188f5bbdc6edafa9c9071e8a976a25d3519242233036a77700007c809214f5150b1c2280041718b405902d20ba74629375a3","ssdeep":"6144:ZL1StCn0dFkiqGCvJwXQd7pcxIGQznsWjfGUpEGmwvPrLi:91SzFB0AQQUpEZEni","tlshash":"75a4f8cdb3d674265396f478903f018ba57b28a2b44cc899f189cce42e7465a8277f7c","size":485373,"data":"","first_seen":"2026-07-02T12:49:13.498208Z","last_seen":"2026-07-02T12:49:13.498208Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"processhacker.net/images/icon.webp","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.959Z","timestamp":1782996524959,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/icon.webp HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\netag: \"69eeff42-bac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sLv%2BlAQh7Kt%2Fv31l4l3yNTaTFYvb%2BaRe51MOqNjhGoRKmnpBUfbOIgOJT%2FaXMFSoQU0Qm%2Fviz0FnwGw4%2FwSoQXwj%2Fk1Hmb9YSynmJZ9u14KjvDMdMPS0ZcI6t494c4adrHajiA%3D%3D\"}]}\r\ncf-ray: a14dc4399876783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 2988\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2988,"size_decoded":3745,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6cc17108c34feb90a0ff945e24270f1a","sha1":"1ca994b7ba99822ff436183f016e3b5105ed9138","sha256":"275afb29e8ab872dca2a4d22021a5deb400049d3bc39a1d0ccf47f91d4c87927","sha512":"d7c6dc1dba3c3d53e690ab63c00cc1e18687955058a1b7910d45e49ac38d020134c601add3b432a53dc01dbeba5c443f384bb381b4cb14470d2e1d684fa7ac1c","ssdeep":"","tlshash":"45514caded35dd8bd67a913f4caf77739bf8a0280281648b81bac8099644a63d1d3c04","first_seen":"2026-07-02T12:49:13.492683Z","last_seen":"2026-07-02T13:53:26.324647Z","times_seen":4,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/common.js","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.695Z","timestamp":1782996524695,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /common.js HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 24 May 2026 17:09:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1330de-829d\"\r\nexpires: Fri, 03 Jul 2026 00:48:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1NbsapcHMzchbg8vrd7Rum5X4%2BUyQRMRn1KwasrsiJBKBq0VFHNdT0Xi9ePZqJ%2BjLL3bK3dWoxsGte8ne4yH0fjWajaHSxw%2BBYZjwjZTZ6Ckye4MyXB1L7Al%2FYIpKS1Ez%2BdhIg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a14dc4375fe5783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33437,"size_decoded":6317,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (761)","md5":"eb3c5268d8a536497e92c1365655aeec","sha1":"7747fc1635564c841bb3e9e2162a55e7734a9fcb","sha256":"e5b75cf20f2cb0312071f92ad42a82edb2d94e7359db0c5b35b5707101669943","sha512":"0bceb94e374075bea7dc4676e63991964db7fb96256ba031ab28317c2af4719de7bba8262d27c3e7ecf6e76ccc920fbae30d3f26e15e087bcc9c6f7396fbf6ad","ssdeep":"192:MrW6LQXa7ilay4cOT2P2B262p24u9K2N2X2G2Ccf2v292LWuK232LS2N2X2G2nz8:0f0vSkCFUVqW/mwasu85qW/cffVzU1","tlshash":"21e272bc63f4126d90c78361a79a397c683dc163f617844cb27d51b2af83c1a9793ab1","first_seen":"2026-07-02T12:49:13.494443Z","last_seen":"2026-07-02T12:49:13.494443Z","times_seen":1,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/ProcessHacker2.jpg","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.712Z","timestamp":1782996524712,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/ProcessHacker2.jpg HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-5b35\"\r\nexpires: Sat, 01 Aug 2026 12:48:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=da3OljpO%2FMk23fAuwC2HtcvJCAc2epLi8xEQbGN118GMjHiozTIFde0KhTOAx4g1JaVRQR%2B95ErZR2UEpYdo9%2FE%2BVJh8ThMSB6lGO9CNf%2FHHqaBC6S2rMVZ1vUiVYcdSH1dFGA%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a14dc4377fea783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23349,"size_decoded":23337,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 393x194, components 3","md5":"fa5ec5d33418d2a7911e410fde78ae73","sha1":"9f705455945f7b7d182450f4bc8ab8bb778ff5ba","sha256":"af6c2ccb0194b6c011c4fc22a6809a2c2deecdd91953eac6a85de4412f9b9306","sha512":"f4f3eaa3be56337323c6d23d644201baa722a2c24987c2ad687d585d7b3c55bf4a4be95f1bb6216399c0da2aaca6b421990626a98581094b3e50416ce946eb8b","ssdeep":"384:oKcCJAcTFDVozhgOztQWcumNWA5R1jTlzrKOOK48xIr8Fc0niOIpPq1iXo4:oKFRIa7tRdzr/rIg+pi1iY4","tlshash":"bba2e1d9721ba198a50cc9f70402f5cd6c4c46d3ac919a0d2aa69ef87ff13d42cca674","first_seen":"2026-07-02T12:49:13.496811Z","last_seen":"2026-07-02T13:53:26.335759Z","times_seen":2,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/icon.webp","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.958Z","timestamp":1782996524958,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/icon.webp HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\netag: \"69eeff42-bac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LAVAwkzz0G7UEiv0pgbjLeXUoFcIxOXbaF27yiPOX8zHW56X15RbF5S2PwL1fAL3UVxS6K6aMbp9qTQep%2F9ApRazZzSCpi8eh4wG%2B3x4F1TrlxvUt8yPSLtSCABbL%2FPSMB9JMQ%3D%3D\"}]}\r\ncf-ray: a14dc4399875783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 2988\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2988,"size_decoded":3737,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6cc17108c34feb90a0ff945e24270f1a","sha1":"1ca994b7ba99822ff436183f016e3b5105ed9138","sha256":"275afb29e8ab872dca2a4d22021a5deb400049d3bc39a1d0ccf47f91d4c87927","sha512":"d7c6dc1dba3c3d53e690ab63c00cc1e18687955058a1b7910d45e49ac38d020134c601add3b432a53dc01dbeba5c443f384bb381b4cb14470d2e1d684fa7ac1c","ssdeep":"","tlshash":"45514caded35dd8bd67a913f4caf77739bf8a0280281648b81bac8099644a63d1d3c04","first_seen":"2026-07-02T12:49:13.492683Z","last_seen":"2026-07-02T13:53:26.324647Z","times_seen":4,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/icon.webp","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.960Z","timestamp":1782996524960,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/icon.webp HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:45 GMT\r\ncontent-type: image/webp\r\nserver-timing: cfExtPri\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\netag: \"69eeff42-bac\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6UrF3a%2BgUaQp2ysa5yOo39m87MhmVVSwMe4hCPZjBSbsO8WDtR1q07mYNKUL8Tnna3Sen8WdfBE%2Bb%2BUi8G1nHyUl6smdu8AZ5RgVIfj3jiFXRlasiwMr576sStmhy7%2BgvDGCrg%3D%3D\"}]}\r\ncf-ray: a14dc4390850783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 2988\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2988,"size_decoded":3729,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6cc17108c34feb90a0ff945e24270f1a","sha1":"1ca994b7ba99822ff436183f016e3b5105ed9138","sha256":"275afb29e8ab872dca2a4d22021a5deb400049d3bc39a1d0ccf47f91d4c87927","sha512":"d7c6dc1dba3c3d53e690ab63c00cc1e18687955058a1b7910d45e49ac38d020134c601add3b432a53dc01dbeba5c443f384bb381b4cb14470d2e1d684fa7ac1c","ssdeep":"","tlshash":"45514caded35dd8bd67a913f4caf77739bf8a0280281648b81bac8099644a63d1d3c04","first_seen":"2026-07-02T12:49:13.492683Z","last_seen":"2026-07-02T13:53:26.324647Z","times_seen":4,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-KVE1B9WL26","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.688Z","timestamp":1782996524688,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 08:39:04 GMT","end":"Mon, 07 Sep 2026 08:39:03 GMT"},"fingerprint":{"sha1":"6D:E4:85:F4:01:A4:0B:02:E0:64:E2:F2:58:93:6D:3F:4C:AB:30:9D","sha256":"4A:07:79:34:AC:03:17:68:07:4A:CB:68:23:A7:E3:14:B2:DE:22:3C:E1:AE:8D:F5:2F:2E:2D:C6:28:58:47:CE"}}},"request":{"raw":"GET /gtag/js?id=G-KVE1B9WL26 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: zstd\r\nvary: Accept-Encoding\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\nexpires: Thu, 02 Jul 2026 12:48:44 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 165055\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":485373,"size_decoded":165659,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"f1261ff6c2a8d5daf19ed9d46561359e","sha1":"afaaa7a80d8ed4de4a72411c77f7671585607b90","sha256":"af31d31327e95e1cd97447631024390f5cc9b97cb95c3d63213bab07f49c2dbb","sha512":"8484316a812e41ca2d601bcf5a95188f5bbdc6edafa9c9071e8a976a25d3519242233036a77700007c809214f5150b1c2280041718b405902d20ba74629375a3","ssdeep":"6144:ZL1StCn0dFkiqGCvJwXQd7pcxIGQznsWjfGUpEGmwvPrLi:91SzFB0AQQUpEZEni","tlshash":"75a4f8cdb3d674265396f478903f018ba57b28a2b44cc899f189cce42e7465a8277f7c","first_seen":"2026-07-02T12:49:13.498208Z","last_seen":"2026-07-02T12:49:13.498208Z","times_seen":1,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":2,"connect":15,"send":0,"wait":36,"receive":44,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@tailwindcss/browser@4","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.692Z","timestamp":1782996524692,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/@tailwindcss/browser@4 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 68133\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 4.3.2\r\nx-jsd-version-type: version\r\netag: W/\"43730-cv+oV5vtIBy0YKTZKfkeYqCKtgY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230233-FRA, cache-bma-essb1270054-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 33914\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gE9Lo9li8RYSJvumHjHFcrBwLuoyYho2%2FU1lTMFtLmf%2BoCNDNTyQr3T%2BfUvoFzk8NyjvH%2BgGaxiAlvzrE6FI6bzytdBfxxSDzmTY2IAFtZEc%2B8wD%2B%2F3QmDXfuoEJhmveRds%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a14dc4376b2f4e4c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":276272,"size_decoded":69271,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65267)","md5":"4ab42b0053e976bc3a170bb73eb47e4a","sha1":"72ffa8579bed201cb460a4d929f91e62a08ab606","sha256":"d04446c80203b7517ca833115e9bdcbd87f1ff709a9f4f7ca48804604129d782","sha512":"99037b4ad0b354997eaf089e5adf9afec0ccea6b9c15223adfab27d897fc4877c105d68bfeb093ea1c04e9aff378393131689519862e1385a478cb9157abb99e","ssdeep":"3072:O3M3h4O2WMhWAY/LBcDcQKwod0PNTsVPYoYZGJtgXoul5VWR8cWiYVSi5+0Lra2Z:D2OT7jaWsNxy0uOz","tlshash":"cf442b353603a03e5fbb43da20de6004d62e6b65a75841e8f782d51b21e5af809f7f39","first_seen":"2026-06-30T06:12:31.279404Z","last_seen":"2026-07-03T03:09:44.104071Z","times_seen":33,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":2,"connect":1,"send":0,"wait":6,"receive":2,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/ProcessHacker4.png","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.715Z","timestamp":1782996524715,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/ProcessHacker4.png HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-204f\"\r\nexpires: Sat, 01 Aug 2026 12:48:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cSHj%2BeeKOrP5ifk2DfqHw7J4F%2BB5ccICHg23CJiQwbXRosLzGMV%2BmkkW2WkIQPhp5bD34FCVVh1bZvAr3ERlhsJUAiEMzCKrxXaQdcI633PzGUvPVp3pD0DNPlxvlzpsROJMiw%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a14dc4377fed783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8271,"size_decoded":8913,"mime_type":"image/png","magic":"PNG image data, 641 x 296, 8-bit colormap, non-interlaced","md5":"cd0f2465c01b72e22c6714b5036e2da6","sha1":"3dc3b57c950a2465fd51f74bb92e7f90b552cc2c","sha256":"0da1d39f7d75f3107856e65f6566ffd10c081fc2d79323d14b16dc1da8d8f143","sha512":"98d39b829bc406b7e33644996d27e925f86b8e0c59d9808cf52c510ca77079a430dc3ef37a0bae95c4c23459b37fb5a947690d5f240aa2f97c18514a8b636969","ssdeep":"192:pNXyE4uZ/MLflCOmUzDcwXzOUkdVPOd11gt1OX7TkGQrG+3qiEipqt5:pNyE4uZ0ZmUzDcwXzBkzkgt1EFiD3qi8","tlshash":"f002b033cab341ba6e0a817b9ecd9dde0fd025110127d2db4dc645b87e92ea44b496f4","first_seen":"2026-07-02T12:49:13.505929Z","last_seen":"2026-07-02T13:53:26.32949Z","times_seen":2,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/ProcessHacker7.png","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.721Z","timestamp":1782996524721,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/ProcessHacker7.png HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-b3bd\"\r\nexpires: Sat, 01 Aug 2026 12:48:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a0maksJJ4H0tUsbpk6EJXmT9notW4ctZm%2F6mNeUMEFMZqzPQYU%2BvltXZ926lUCrnzpM54VyKULUHCtuLNSP9Tp01TTkopIgaubVI0n5n57lFX2D5iyqrcYiHfCdB5U82yZYcYw%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a14dc4378ff1783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46013,"size_decoded":32282,"mime_type":"image/png","magic":"PNG image data, 1034 x 599, 8-bit/color RGBA, non-interlaced","md5":"2a675424480c48567c83690ca3901745","sha1":"5f9dac7d3f06edf9b8596d5461543e43d6e09896","sha256":"7e8841487875837c654c92bafabeb05309d44c250681a6866a017bf61d7df586","sha512":"5828d3029cd06e217e681e4b43e844c46df050c9a73e51fbdf87a711ff808c926e0e8e7c2630513ac366295b215029abf38ff91afdc64806fda08299567efcb3","ssdeep":"768:8Q4skbb49zUO8OPpqMYDLfXa4JFExQNStAWVdX:8ykbbZO8OxETXFwxQidX","tlshash":"c3237d5e0f2bda316d92171d76720a3621e31d83cdba6618afbdf17e0ce5814d90f189","first_seen":"2026-07-02T12:49:13.507441Z","last_seen":"2026-07-02T12:49:13.507441Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T12:48:43.987Z","timestamp":1782996523987,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=0,i\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oUFvH7x1WL%2FukgnAGmCufp0EzU65HHcTy3qbQ0LopkGoXV6FvvwnDJsR4g5OI2uSHZ3pGUB50jlRs3Dxn48JdmmQCCijtxDViZ%2FiSo5FfgVFNWoCae6ZZggejjsP%2BnoxBsnmUg%3D%3D\"}]}\r\ncontent-encoding: zstd\r\ncf-ray: a14dc4332f4f783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42782,"size_decoded":8605,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (344)","md5":"9123065a9d8cbb2bac3b88a2ef58d573","sha1":"80d5e8ad071ec1afaa7a04eaed40a1e97964bcb4","sha256":"740b326e52af993c29414201f63d717466a9b3916332651df10c845e47094d20","sha512":"54b661ab02bedb8dbb4b6426abb89bf11bb6ff7ab54495d18f748845111881861d09cf8adc558459bb2a0893d07c3663189cdd3554e7b01ed103f4009993e83c","ssdeep":"192:vqxmASIvS2RQWzDAFQ5knAwTT4yRm0qu3efYVjAa+3YFcCtsF/F1fPjKXQf7RooN:+SUPaLDQR35K5t+LfmXQfPMi5","tlshash":"4e13633572f4193f60db82b2fb61273b6ea8c647c51b8158b2bd81a46fc3c46ce53664","first_seen":"2026-07-02T12:49:13.509111Z","last_seen":"2026-07-02T12:49:13.509111Z","times_seen":1,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":17,"connect":15,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/script.js","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.697Z","timestamp":1782996524697,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 24 May 2026 17:09:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a1330de-eef\"\r\nexpires: Fri, 03 Jul 2026 00:48:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6v%2BZeEPZ800IsHPJTHFSpBGBmOdbxrieJdhlXrG2yaGxQKc663UchtBn0Csgxs%2F9R3a3idlXrCRj7WRdq3CAJtie5pHFJZIKV3q2ZgjqZSn8jJ6Y3THYI%2FxSVELaLZoErzUtNg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a14dc4375fe6783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3823,"size_decoded":2071,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"dae87d74e13a2eb18b836072d2a943d7","sha1":"f469b143f3f816cc95d0a326a709f14a7077753b","sha256":"bb8241e6acba86dc64dc1c3af48780df9a68c42021465cd794658f2b3748c57b","sha512":"6d1dfd8a185c22fa1155fd7e9d1401858715329e4c60fb0e117fd0338cfea1246d75de5fae97b0f9e75644e3588b1763de954df2e4c66d4590e40a38f9ba9c06","ssdeep":"","tlshash":"7971e02f62f7257546b37176838fa3497221108b7401e9543dad8b482fd366109f3edb","first_seen":"2026-07-02T12:49:13.514419Z","last_seen":"2026-07-02T12:49:13.514419Z","times_seen":1,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/ProcessHacker5.jpg","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.717Z","timestamp":1782996524717,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/ProcessHacker5.jpg HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-8912\"\r\nexpires: Sat, 01 Aug 2026 12:48:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UvftKO5smlVgDkv%2BTu1WObjPKWOu7igH0d20jurtKN1SwRw%2Fkpo35UBWpxbUdwUqv%2BjWyflZQ%2BMPyi105vZwXhxg5fLRjpBEsUjIVtHRaRhCeWq3M9cqfvAJFr1Yb9Ctrr%2BaCQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a14dc4377fee783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35090,"size_decoded":33896,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 393x261, components 3","md5":"27550c377f1373a8f7a0f56c0040489a","sha1":"5f12d008b2ae97af7336d67fa917fb1f7cb0242b","sha256":"af1cfeb95f3adf2e74a06ee49c2bcb5bb90ba8fc528cf765b52cd81ef46fd74e","sha512":"8ba5a8f0e4679496f3aa2679d2db871a575f4654b3c1ca79cf74714aeb11d9c65be0012b916b26ab4e24b2817393fe8cf15c722ff99d2eb78eb4e9101f8b7271","ssdeep":"768:ruFA3xco5tunB+vDFWrSmSjVydeXdJDgjXvU7689i+dFmi:n3xh3rGA8eTD+vU7689ioFmi","tlshash":"56f2e08c006ec4cef8dc4275e1b153b47c971ca02562e7798e96f27f530792db9a8d4a","first_seen":"2026-07-02T12:49:13.515916Z","last_seen":"2026-07-02T13:53:26.333061Z","times_seen":2,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/styles.css","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.693Z","timestamp":1782996524693,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /styles.css HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-20f0\"\r\nexpires: Fri, 03 Jul 2026 00:48:44 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PPrCrQ6JZP7hx6jN8ZPtZs7%2BLMv%2B6BfYASBh6UeGkw2xJr0AJIxTmi5yno2DVuYpLOM6XC4lSzdCZw%2BLnPvbIhfFGq6j9ZTHmE%2BJtdQGyqgXoxJoYwgJPbVsY%2FHmd%2Ba3Rw9Ylg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a14dc4375fe3783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8432,"size_decoded":2914,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"e8ac86fef8e7571ed43976550f55674d","sha1":"1e7d1311a0d40f527042096c63897307df5c1834","sha256":"baa2333cbc469121c255b592d5d91c342aef6e909245bedc5ff45de3a78d2e68","sha512":"f47684735da31d73efc4ff9789e93c26d63d674f8aecf6742b0daaaf75f8ed1a96863f6ab9419e4d941878e60369f75e8172c63e5d55dea477a7036e90b0345b","ssdeep":"192:TOoukGyUtxgC3FjX34aWg/myBvPz0LdY9KtcbTEARSj:1G/h7VO","tlshash":"450284e8da971c41705bc198d7b78787236c801bd80bde3db3c77294cf1a6a8a172b56","first_seen":"2026-07-02T12:49:13.517513Z","last_seen":"2026-07-02T12:49:13.517513Z","times_seen":1,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/ProcessHacker3.png","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.713Z","timestamp":1782996524713,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/ProcessHacker3.png HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-123a\"\r\nexpires: Sat, 01 Aug 2026 12:48:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aCbUJZBb4OvWNKIznss8aL986G2UwdV7toMi7LMyBqW9wPvrpvmu2uU6ewQ%2BCiY9BGaAYaqDL5btyAvT0xnybDyTF30FQFN21QMCNCgK3uV2Mk53t34odwsgOi4m6hHaKpzfxQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a14dc4377fec783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4666,"size_decoded":5402,"mime_type":"image/png","magic":"PNG image data, 650 x 199, 8-bit colormap, non-interlaced","md5":"fe2096251f1243dccbbb651e4100f45c","sha1":"c0348d26b39cec13ef264bded28456516bfa58c9","sha256":"face7ed012fe7a753e7332c99401515cda93dfa6a8639134e4791fa41d0e86e2","sha512":"c6a5183acc3a22d77bed04cef6a6a31202b2e58b3926806ef75e6ba96c08eca494591bfd2e67f1d13fbc38ee4d35c956d42042bca49993172292a828836829d3","ssdeep":"96:TVoO2R8UAYQ+pWO1EMf2QteB2c9HJC3vkfAWGjEJodoiHTinZPsttimuEz:TVYR8LByl2GeBR9HDAW1JCHTDoEz","tlshash":"4da17d6bdcac50763d0d9bf68512c871cb6ad3bb4a6c15181ee41af40597d0d4f4c3ad","first_seen":"2026-07-02T12:49:13.519103Z","last_seen":"2026-07-02T13:53:26.323743Z","times_seen":2,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"processhacker.net/images/ProcessHacker6.png","fqdn":"processhacker.net","domain":"processhacker.net","tld":"net"},"ip":{"addr":"104.21.56.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://processhacker.net/","date":"2026-07-02T12:48:44.719Z","timestamp":1782996524719,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"processhacker.net","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 17:19:06 GMT","end":"Sun, 23 Aug 2026 17:19:05 GMT"},"fingerprint":{"sha1":"6F:7F:1E:A2:5D:AF:2E:DF:85:4E:35:B3:D7:94:2E:BD:68:67:9C:73","sha256":"27:58:E3:D0:39:04:45:7B:A0:4F:E9:9C:0E:E8:83:96:B9:83:C0:B9:F5:AF:A5:D3:97:81:1F:7B:0F:29:C4:93"}}},"request":{"raw":"GET /images/ProcessHacker6.png HTTP/1.1\r\nHost: processhacker.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://processhacker.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:48:44 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff42-2e4d\"\r\nexpires: Sat, 01 Aug 2026 12:48:44 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kjR%2Fn5zO0WlLOpB4ZoTV1IARAMQFjeVMg8Kgjmk7SEMfY%2BpmUZIHJmkp8YxP4S64FaKnqGrqcMSiUZ0LpNYQ223tMlkQR1ufz5OicpJxSzxVnP%2FbWpsZxMvckc3gOyl3%2FjWo%2Bw%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a14dc4378ff0783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11853,"size_decoded":12421,"mime_type":"image/png","magic":"PNG image data, 621 x 325, 8-bit colormap, non-interlaced","md5":"741b08c81a22e4803de53cd7009a724c","sha1":"0e50c4ed10066dd6217952a3cc22345620792ba1","sha256":"8bafba9caa98bf5de30d12fa0d496bdf273d8156906f6d8eedd7800bdf44e846","sha512":"2d931cf2e32f72d08bbe5155125fc43bcf9df9a035e10d7a3a2672f3c7b103fdb4a08eca23a999eeabdc237b6cddefef9067214f542fb740526ca865a5f11e22","ssdeep":"192:PzmF3dXtpCVe/n9fm2SWnvdfVrgnQoWSDSiFyOe+fLS/UOUS704V4Xdc:PUvwynRlSG1mnDSEpe+T0r04V/","tlshash":"c632cf76db1bfcd9cd32d62c4438380121a25bc51ffcb1a86c956f92e3830b2536a6d4","first_seen":"2026-07-02T12:49:13.520338Z","last_seen":"2026-07-02T13:53:26.330432Z","times_seen":2,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"processhacker.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}
