{"report_id":"ed1b65ab-1f70-4aee-803a-e8af2af24a26","version":6,"status":"done","tags":[],"date":"2025-11-08T16:07:22Z","url":{"schema":"http","addr":"labmediasolutions.trk2afse.com/click?pid=14\u0026offer_id=192764\u0026ref_id=690f6a87ad07d80001613ff5\u0026sub2=","fqdn":"labmediasolutions.trk2afse.com","domain":"trk2afse.com","tld":"com"},"ip":{"addr":"34.90.81.51","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"heroadblocker.pro/ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am=","fqdn":"heroadblocker.pro","domain":"heroadblocker.pro","tld":"pro"},"title":"Hero Ad Blocker","dom":{"size":2390,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"fa7713a9022a6354eb0de87fc9cda6ca","sha1":"1698062b4d7ab86a5255d2e175345d3ac2d30a0e","sha256":"dce02420e52d90a6df1e7efe26d1dc79e8fcf4d2ea8ccbb655c8f3c4ab39da0f","sha512":"19f7024bef33a5a865c030d14b99192cabba012f96d1757aa9b59abec416aae87b1a9e342b76fbdc70052411435aa146627a9000d1fc548c8ca813f9fdd3f599","ssdeep":"","tlshash":"a141503434f915732593c0a16b96b7486fb58053e22ae440bdef83994f91e03d4b3589","dom_hash":"domhashac7289fa9a51939e860a8804fd773fdd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"labmediasolutions.trk2afse.com/click?pid=14\u0026offer_id=192764\u0026ref_id=690f6a87ad07d80001613ff5\u0026sub2=","fqdn":"labmediasolutions.trk2afse.com","domain":"trk2afse.com","tld":"com"},"ip":{"addr":"34.90.81.51","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-13T16:07:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-08","alert":"Sinkholed","trigger":"heroadblocker.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"heroadblocker.com","ip":{"addr":"172.67.189.81","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-05","domain_rank":355580,"first_seen":"2025-06-19T18:06:55.445825Z","last_seen":"2025-11-02T21:37:16.332838Z","alert_count":0,"request_count":2,"received_data":9605,"sent_data":888,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"heroadblocker.pro","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-08","domain_rank":400160,"first_seen":"2025-05-31T07:57:02.325598Z","last_seen":"2025-11-06T22:50:00.309642Z","alert_count":1,"request_count":1,"received_data":3193,"sent_data":556,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-11-02T22:17:55.857863Z","alert_count":0,"request_count":1,"received_data":208080,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"labmediasolutions.trk2afse.com","ip":{"addr":"34.90.81.51","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-11-26","domain_rank":1930333,"first_seen":"2025-06-07T22:06:35.941437Z","last_seen":"2025-11-03T20:21:35.190668Z","alert_count":0,"request_count":1,"received_data":822,"sent_data":565,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"xylon54tz.com","ip":{"addr":"104.21.75.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":1821670,"first_seen":"2025-07-31T09:06:59.881044Z","last_seen":"2025-10-18T22:36:44.288344Z","alert_count":0,"request_count":1,"received_data":829,"sent_data":562,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"heroadblocker.pro/ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am=","fqdn":"heroadblocker.pro","domain":"heroadblocker.pro","tld":"pro"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"bc3c5c5ffc6ecfb75e25a1f555caa3e8","sha1":"810bcb84c5bd7b8cd36033b96a9d24eb66d916a8","sha256":"2c349ef6d9440e336ec020f241331ab022eef1e61338e1c3e24c282543bc3990","sha512":"bf39edcbe0f0c45b8032276fdbdbabafcf132e739853cc003cb3705b9ae5e62991ecdba38b397c5dd1a8f1e5d21e2a039b09857e97b6f44ad7d6dfbe26f18084","ssdeep":"","tlshash":"02f061690557567517b7502d474f790032b600932014e800bd4cde5a4fd0f1654f91c3","size":458,"data":"","first_seen":"2025-07-24T17:22:15.446889Z","last_seen":"2026-03-02T15:35:41.665272Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"heroadblocker.com/images/icon.png","fqdn":"heroadblocker.com","domain":"heroadblocker.com","tld":"com"},"ip":{"addr":"172.67.189.81","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://heroadblocker.pro/ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am=","date":"2025-11-08T16:06:53.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"heroadblocker.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 22:40:14 GMT","end":"Tue, 27 Jan 2026 23:37:55 GMT"},"fingerprint":{"sha1":"A7:80:50:85:82:4B:61:4F:25:5B:55:C9:82:19:9A:1D:9D:A1:DE:38","sha256":"88:62:4B:AB:58:69:69:1D:4A:9E:F4:E2:1E:24:66:9E:2E:2A:02:55:C4:18:B6:F6:89:8C:0B:84:36:7D:3D:4E"}}},"request":{"raw":"GET /images/icon.png HTTP/1.1\r\nHost: heroadblocker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://heroadblocker.pro/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 08 Nov 2025 16:06:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 4176\r\nserver: cloudflare\r\nlast-modified: Mon, 05 May 2025 08:29:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68187700-1050\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3kz3F8Cscmm2sbHSyYsoDsJvdotyB0fceoPnOYc2q4dQhUHdsD36jUGpnugLb7ilY7KNjr6nBhYuq8gSZGIgKuUjJsEABKcrUQBssvSxrg%3D%3D\"}]}\r\ncf-ray: 99b651f7fefa568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4176,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"ddb10b9fac4a8cd069d4a396b0aed394","sha1":"21bfe8f34509fdec8e284e5a588f00a981cd1eab","sha256":"a98bfc4cafcf39e993d499de65941fcea80b601c71f9ad124c600c7c832e5076","sha512":"1fb1e6da67f751975e838aec940ccf1b1e519cf856106742cb632de0bfad37eb57a0dcccbfb585b835ba5980f38d2c36aaeed3250edf762cdc9c39c6f096a1d2","ssdeep":"96:WS1ZQxPceJAgFJMoFLREk/1achHUnVw5ORUH4QZtQ:WSEP3JAIhFdEKd6VZ25Ze","tlshash":"6c818e2b76422ed09a5861f73684c316ca148bceb374d209bd5014ba764abc4f6d363c","first_seen":"2025-07-24T17:22:15.427401Z","last_seen":"2026-03-02T15:35:41.660797Z","times_seen":30,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":48,"dns":22,"connect":1,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heroadblocker.pro/ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am=","fqdn":"heroadblocker.pro","domain":"heroadblocker.pro","tld":"pro"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-08T16:06:52.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"heroadblocker.pro","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 01 Nov 2025 13:31:30 GMT","end":"Fri, 30 Jan 2026 14:28:58 GMT"},"fingerprint":{"sha1":"66:94:63:72:F3:B0:F4:44:84:EB:D6:9B:74:B0:F7:96:CE:08:1E:0D","sha256":"2B:73:D6:08:C4:70:EA:A1:0C:2F:2A:A7:9C:9D:3F:86:A7:3C:6E:97:B9:80:90:BA:DB:BB:91:6E:A4:30:EF:61"}}},"request":{"raw":"GET /ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am= HTTP/1.1\r\nHost: heroadblocker.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 08 Nov 2025 16:06:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f1yuOPT63b3cW66I%2B8KEkN8JYuCZUdbJcewAjZN6WKucO8iVchb7bqHrKhQhdr3klBBEPeM7YMq7EnOZfvTS6snn7PJmYbHYIZO99pemrNqz\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: _asd=17626180139930882; SameSite=None; Secure; Path=/; Domain=heroadblocker.pro; Max-Age=31536000; Expires=Sun, 08 Nov 2026 16:06:53 GMT\r\ncf-ray: 99b651f55c1f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2409,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"7fce12ca976f333cfe22a77908892f55","sha1":"118fb0fde271527b16f37c0ba172fcaa8a385e69","sha256":"062256167b4c8c0eecc5fa2f80f3a932b061e90795680521ca48c1a96558ea9f","sha512":"e20d8bb3e90b2389928ddbcd10916e08d63b89e3000fd9256bf9536f97b7560f06df3622842dd22716f45999398ee73fb78322625def867ad1aa0f1dc96904db","ssdeep":"","tlshash":"9341503434f916731193c0a16b96b7486fb58093e22ae440bdef839a4f91f07d8b7689","first_seen":"2025-11-06T22:50:00.962915Z","last_seen":"2026-01-17T11:10:42.160717Z","times_seen":8,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":72,"dns":53,"connect":1,"send":0,"wait":203,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-08","alert":"Sinkholed","trigger":"heroadblocker.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bulma@0.9.4/css/bulma.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://heroadblocker.pro/ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am=","date":"2025-11-08T16:06:53.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/bulma@0.9.4/css/bulma.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://heroadblocker.pro/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 0.9.4\r\nx-jsd-version-type: version\r\netag: W/\"329c6-nL+P0n9QpqJ97JxmCBpSBWnGeaQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 08 Nov 2025 16:06:53 GMT\r\nage: 1053630\r\nx-served-by: cache-fra-etou8220157-FRA, cache-hel1410021-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 28353\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":207302,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"604205736eda4815fc08e1dcda46d3fc","sha1":"9cbf8fd27f50a6a27dec9c66081a520569c679a4","sha256":"ad3a5d3b41d7042369ade00772eead0763e9839d79568fb91ad612b2734bcfef","sha512":"1eac4752424cd1261c6efc54c393fad12cdd393cbf415c00d4926bbda5c9bf8abb9666c36429996aacf4d543ce690bdea317d846fd6d1e8cd618f31cb9306ebd","ssdeep":"768:tZHa2YfD0HK3E4QMMJNdz6CPry05DEJa09DKMzsRLcB73yMBgDFlWxG2A3UaQS+T:9lAe5hFC","tlshash":"f1149992ee503c4f7513882e54d0f7a4272e59c4da1627b7b537b2e0864a78f2937f0a","first_seen":"2023-04-26T18:39:59Z","last_seen":"2026-04-05T13:21:39.253238Z","times_seen":2424,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":64,"dns":1,"connect":27,"send":0,"wait":37,"receive":2,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"heroadblocker.com/images/icon.png","fqdn":"heroadblocker.com","domain":"heroadblocker.com","tld":"com"},"ip":{"addr":"172.67.189.81","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://heroadblocker.pro/ext.php?ah=czed3725lskY\u0026ao=\u0026ak=690f6a9c2ebdeb0001f4b3e0\u0026aj=ed\u0026an=2\u0026am=","date":"2025-11-08T16:06:53.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"heroadblocker.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 22:40:14 GMT","end":"Tue, 27 Jan 2026 23:37:55 GMT"},"fingerprint":{"sha1":"A7:80:50:85:82:4B:61:4F:25:5B:55:C9:82:19:9A:1D:9D:A1:DE:38","sha256":"88:62:4B:AB:58:69:69:1D:4A:9E:F4:E2:1E:24:66:9E:2E:2A:02:55:C4:18:B6:F6:89:8C:0B:84:36:7D:3D:4E"}}},"request":{"raw":"GET /images/icon.png HTTP/1.1\r\nHost: heroadblocker.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://heroadblocker.pro/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 08 Nov 2025 16:06:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 4176\r\nlast-modified: Mon, 05 May 2025 08:29:52 GMT\r\npriority: u=6,i=?0\r\netag: \"68187700-1050\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vsBsBH8FIS4i7b9qXGInenDLShPk89TB5dEzOwTan4RY9AqMULeVyAAsrmYiO%2FAO%2B48duYKc32vYbfudKO0EkIb2NMFVD7a4cCYsH5ocI%2FIn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99b651f94d871525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4176,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"ddb10b9fac4a8cd069d4a396b0aed394","sha1":"21bfe8f34509fdec8e284e5a588f00a981cd1eab","sha256":"a98bfc4cafcf39e993d499de65941fcea80b601c71f9ad124c600c7c832e5076","sha512":"1fb1e6da67f751975e838aec940ccf1b1e519cf856106742cb632de0bfad37eb57a0dcccbfb585b835ba5980f38d2c36aaeed3250edf762cdc9c39c6f096a1d2","ssdeep":"96:WS1ZQxPceJAgFJMoFLREk/1achHUnVw5ORUH4QZtQ:WSEP3JAIhFdEKd6VZ25Ze","tlshash":"6c818e2b76422ed09a5861f73684c316ca148bceb374d209bd5014ba764abc4f6d363c","first_seen":"2025-07-24T17:22:15.427401Z","last_seen":"2026-03-02T15:35:41.660797Z","times_seen":30,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"labmediasolutions.trk2afse.com/click?pid=14\u0026offer_id=192764\u0026ref_id=690f6a87ad07d80001613ff5\u0026sub2=","fqdn":"labmediasolutions.trk2afse.com","domain":"trk2afse.com","tld":"com"},"ip":{"addr":"34.90.81.51","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-08T16:06:52.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.trk2afse.com","organization":"Aditec Solutions, UAB"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 26 Nov 2024 00:00:00 GMT","end":"Sat, 27 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"81:6F:31:1C:23:F1:2D:33:9B:80:F5:64:53:D6:2A:CE:B8:D9:7B:1E","sha256":"2A:22:BE:82:7F:86:FF:CC:34:C7:92:9C:F8:BC:6B:86:C0:DD:2F:FC:29:7D:68:E9:D5:A2:82:84:99:AB:AD:92"}}},"request":{"raw":"GET /click?pid=14\u0026offer_id=192764\u0026ref_id=690f6a87ad07d80001613ff5\u0026sub2= HTTP/1.1\r\nHost: labmediasolutions.trk2afse.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sat, 08 Nov 2025 16:06:52 GMT\r\ncontent-length: 0\r\nlocation: https://xylon54tz.com/?campaign=czed3725lskY\u0026version=2\u0026zone=\u0026click=690f6a9c2ebdeb0001f4b3e0\u0026network=ed\r\nx-adjust-use-original-forwarded-for: 1\r\nreferer: \r\nreferrer-policy: no-referrer\r\nset-cookie: afclick=690f6a9c2ebdeb0001f4b3e0; expires=Sun, 08 Nov 2026 16:06:52 GMT; secure; SameSite=None\nafoffers={\"192764\":[1762618012,1]}; expires=Sun, 08 Nov 2026 16:06:52 GMT; secure; SameSite=None\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":271,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":386,"timings":{"blocked":168,"dns":20,"connect":38,"send":0,"wait":49,"receive":0,"ssl":105},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xylon54tz.com/?campaign=czed3725lskY\u0026version=2\u0026zone=\u0026click=690f6a9c2ebdeb0001f4b3e0\u0026network=ed","fqdn":"xylon54tz.com","domain":"xylon54tz.com","tld":"com"},"ip":{"addr":"104.21.75.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-08T16:06:52.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xylon54tz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 28 Oct 2025 01:26:48 GMT","end":"Mon, 26 Jan 2026 02:25:29 GMT"},"fingerprint":{"sha1":"E8:BF:04:56:20:0E:EF:56:EE:27:07:2E:F0:4B:FA:F7:41:3D:60:A6","sha256":"D4:BA:2E:AA:81:52:FB:34:45:C5:01:B6:68:8C:59:AC:40:6F:51:CC:63:E3:0C:24:DD:97:CB:A2:30:3E:9D:F9"}}},"request":{"raw":"GET /?campaign=czed3725lskY\u0026version=2\u0026zone=\u0026click=690f6a9c2ebdeb0001f4b3e0\u0026network=ed HTTP/1.1\r\nHost: xylon54tz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 08 Nov 2025 16:06:52 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Fuag%2FrSl86%2FAAi3j46VQfF0GwjgOU7%2FIl6M4MbMLxOW%2FdVDIcMc4f%2FgoP61ZekOR0bNDshJSUT5qrc3aUaUqqZr8Z2uAX9uucCle\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 99b651f1acff5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":271,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"dc9cd8b7f5a524d4dec30bab3c23a3bf","sha1":"0d7135d961adef0aad43942edaa2a5573e62f04c","sha256":"010b8cd5027e4c3777237783c1819f62ff71d9fe36426477eeeec39fa20a65eb","sha512":"dc1c372031b32c90d06f935d0dec311e999a5186201be3a57ce04675df0c7323c7a3717a796bedca7457fe9cd53d136e8f703c3f80b587be21706c54394c89dc","ssdeep":"","tlshash":"29d02b9388591f9d227548505ca8358d20b73c0ab59984a4c0836089d0ecf71c08727d","first_seen":"2025-11-08T16:07:24.375257Z","last_seen":"2025-11-08T16:07:24.375257Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":67,"dns":40,"connect":1,"send":0,"wait":140,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}