{"report_id":"ee4d56f8-8fa9-4ae2-9834-fe8a0c8d90b7","version":6,"status":"done","tags":[],"date":"2025-10-05T01:38:01Z","url":{"schema":"http","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"172.67.171.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"title":"فيلم عمهم 2022 HD"},"submit":{"url":{"schema":"http","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"172.67.171.166","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-09T01:38:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":23}},"detection":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"torchfriendlypay.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":191479,"first_seen":"2025-07-30T13:31:49.539518Z","last_seen":"2025-09-28T23:41:34.358154Z","alert_count":9,"request_count":3,"received_data":84826,"sent_data":1410,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for 
cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-10-01T00:47:42.887723Z","alert_count":4,"request_count":2,"received_data":1060,"sent_data":1536,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-28T22:11:36.689828Z","alert_count":0,"request_count":8,"received_data":424446,"sent_data":6287,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-10-01T04:53:40.312929Z","alert_count":6,"request_count":2,"received_data":171926,"sent_data":830,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-09-28T22:14:42.13693Z","alert_count":0,"request_count":1,"received_data":96978,"sent_data":447,"comment":"","tags":null,"fingerprints":null},{"fqdn":"w.royal-drama.com","ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-05-04","domain_rank":0,"first_seen":"2025-09-28T01:35:20.908246Z","last_seen":"2025-09-28T01:35:20.908246Z","alert_count":40,"request_count":40,"received_data":1260485,"sent_data":23614,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:1.11.3","description":"jQuery is a JavaScript library which is a free, open-source software designed 
to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"BootstrapCDN:3.2.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"Bootstrap:3.2.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery Migrate:1.2.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-09-29T02:27:41.015895Z","alert_count":10,"request_count":5,"received_data":92263,"sent_data":2423,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-10-01T11:21:03.813992Z","alert_count":1,"request_count":1,"received_data":377,"sent_data":420,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"icon.dt.bmndx.com","ip":{"addr":"138.199.37.230","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2024-09-03","domain_rank":2010083,"first_seen":"2024-09-10T16:10:13Z","last_seen":"2025-10-03T16:25:45.966329Z","alert_count":0,"request_count":1,"received_data":15277,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"cdn4.mndx1.com","ip":{"addr":"138.199.37.229","port":443,"asn":60068,"as":"Datacamp 
Limited","country":"Germany","country_code":"DE"},"domain_registered":"2022-08-29","domain_rank":345794,"first_seen":"2024-06-11T10:07:39Z","last_seen":"2025-10-03T13:40:42.617872Z","alert_count":0,"request_count":1,"received_data":15317,"sent_data":418,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"172.67.186.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2025-10-01T11:51:49.515021Z","alert_count":3,"request_count":1,"received_data":528,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to 
users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"saptiledispatch.com","ip":{"addr":"172.67.163.213","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-11-20","domain_rank":210407,"first_seen":"2020-11-20T19:15:18Z","last_seen":"2025-10-03T16:13:10.352793Z","alert_count":0,"request_count":1,"received_data":2019,"sent_data":503,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-09-29T02:36:36.800259Z","alert_count":16,"request_count":8,"received_data":13636,"sent_data":8468,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-28T22:11:46.369912Z","alert_count":0,"request_count":3,"received_data":114032,"sent_data":1641,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pl26380627.revenuecpmgate.com","ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-08-29","domain_rank":0,"first_seen":"2025-09-28T01:35:20.913372Z","last_seen":"2025-09-28T01:35:20.913372Z","alert_count":4,"request_count":1,"received_data":98999,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2025-09-28T22:13:48.149535Z","alert_count":0,"request_count":1,"received_data":20344,"sent_data":512,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-09-28T23:49:18.904828Z","alert_count":1,"request_count":1,"received_data":1612,"sent_data":2097,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing 
services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"52.57.19.68","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-09-28T22:30:31.748184Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":457,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-09-28T22:13:28.102465Z","alert_count":0,"request_count":1,"received_data":7832,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"acscdn.com","ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-05-05","domain_rank":18769,"first_seen":"2020-05-06T08:07:13Z","last_seen":"2025-09-29T02:40:09.468487Z","alert_count":2,"request_count":2,"received_data":245404,"sent_data":831,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, 
providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"netdna.bootstrapcdn.com","ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":41692,"first_seen":"2012-09-07T15:11:00Z","last_seen":"2025-09-28T22:35:06.565247Z","alert_count":0,"request_count":3,"received_data":125831,"sent_data":1482,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-28T22:11:39.889585Z","alert_count":0,"request_count":2,"received_data":43312,"sent_data":919,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js","fqdn":"netdna.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"abda843684d022f3bc22bc83927fe05f","sha1":"26908395e7a9a4eab607d80aa50a81d65f3017cb","sha256":"24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f","sha512":"3f1b46e9ea0fb6be507605a2783af406c6b4f885dedaa4401bff204b0fe9056656717411021594e2512e98a4e398e3238267a7deafeba1b57e443decab0477ea","ssdeep":"768:xoBFw1wl+WRydWDRQgn8WI0fBQLrX84XCqc:SAr2MRCqc","tlshash":"43e28446b23031a107dfb2e5515f020b723a6a6de906907c38b999f53db9c48727bf39","size":31819,"data":"","first_seen":"2023-03-07T01:03:23Z","last_seen":"2026-04-03T22:59:32.303753Z","times_seen":7131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/theme.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","countr
y":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8176b4cb2798d51558fe707c55d7fbb","sha1":"2d49a0b8afb91121d20469c210566fb8d21e82d6","sha256":"497a2c9b733f23e5ec7ba08698be68a7cc7c121213e78be6a9db5ceb3943b8c9","sha512":"35bdf908dd7eeb6cbd0c3d6f746e3ef87b992bb188e16f4ccc4966c26c774086f866dd603978d9dbdc65fe3488c4bdd3346c78daad3b39da835f8d34a1514811","ssdeep":"768:sdsHXBe1s4RPwBTlttO81x93OD4JdbNC6vALeqny+C3s1pR7T8I5HDwLYPLAWyCt:sdS4D4JdbNzvweqny+CQpmeHMYPLNxn","tlshash":"4313ea883182b12787f761f5a05f620bb172a9a5a04da43df579d4d1bef4e881123ff8","size":44830,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.125086Z","times_seen":284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jasny-bootstrap.min.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f6b6e524d29d54ada53e4172b9d91cf7","sha1":"427153c7a2d83d2ca800e397779f29b857801ad2","sha256":"e7ad856551c720cb7c6a24a8bf4a9d6b6b24c24f07109cde96366338e53a4ff8","sha512":"13c01f28dd38a2b10ce27bc4dc60d510b2067e408ba1c0a26b0eb7fd39dd4300265278d529925e56d40bdc06a32d024558ca10a20d1ced6c186cc9ac263cc36d","ssdeep":"384:rKLCtf00Rd7HyeSOjjWhuU4AHL6JLeUxVM1MJsisNV+bocACk3N7K1nj:rbR00DHyNOjKhuVAWLxA1MJsisNV+boo","tlshash":"4e92664579b0225903ffa17601db4749f336eb28984a411cb4789ad76e39d0a72bbf3c","size":20042,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.152883Z","times_seen":582,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-T9LGLZQTB5","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6bdca7719f93e5c4923a5ad8f431c12","sha1":"998b8695b52fd31188e2d68d5d5d3cae0c5f0067","sha256":"cc1e5b6102e00e436050abd2bfdabf4dd176bd2588b41b0be4d6d8c018e98173","sha512":"67ce43592ac81aecdfd0ee483a485b73cef82fc3c5719b07ff9dbfed70190d2f7e98745af9702a9e471545d34a0493f2da6df8c5b055d83c47e4d6cf4eed73db","ssdeep":"6144:ABzZTP5DyYvRC1cZwtgk6dSLd6gZg1X+6RVt:O9bdtvIcZwhGt","tlshash":"14941ace73d674665396e478903f018ba5bb28a2f44cc899f189cce42d74a9a4137f7c","size":422414,"data":"","first_seen":"2025-10-05T01:38:06.621925Z","last_seen":"2025-10-05T01:38:06.621925Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"eacb2e00069ed45f4a3f7a5ea3401cf3","sha1":"53b16a13aa89755d8a2b8eb147f4f31a9f77e0a6","sha256":"cf7840cdd04d15ff4823d4093b7ee5f5c521120b9e05ad45d3bcf4e2c4e19f81","sha512":"59d17b6ea19d4204a48f74e486218fad07509f634def7af40ee7232461b189df7002f2d8c4c95332fbff4796e0e282403f9c63686868a9f1fa7aa0d7fa5b1fc3","ssdeep":"","tlshash":"e5d0235a3975883153bd014690b5e3ad25712154b751b700c2ddcc2b6e31dd388f195c","size":217,"data":"","first_seen":"2025-10-05T01:38:06.661067Z","last_seen":"2025-10-05T01:38:06.661067Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.plugins.b.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"443045e7fcb603ba92e473b0ec11d2b2","sha1":"8d9dd41c01b0f2738d6bd1a3984095570bbeb0df","sha256":"8084ff37c531acc28e0fa45ecb19d9a3c846a91f1b2e101801a9dada0cd31702","sha
512":"995f65923b7ceb647c7b81b71d6e9c2f169e27a9b9c2e38476eeb4c7cd6931823a0825cfe344409f39096421d403ed0096eef957da48c6789052ccc120f089d0","ssdeep":"192:drqHYs1VpcjP3+RMCN+8/Hit2eVUUZCDq78JlwyDp/VQ3SI:drSDy2CxaqFcdVdI","tlshash":"1512d8a93292342a62bb516c105ff50ff3219526d18b8050e25899f43ef9c8e3767fbd","size":9535,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.18288Z","times_seen":295,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"72ce2e8580faf6a435bcf9287baa8244","sha1":"96f5fcf5a8130a40569fc7687efc92f36f744ffe","sha256":"59a47b5d911f7d6f86033fa49b188a432f5db8863a50f3a66dca222ba3051afd","sha512":"7b5b0c2c1f2585806c6a3ad5ee2d1d3e4c48163b50f75db0db69b2b6d615b5200b3d8db1e37f8229bd0ef8ec8b542f8abd20ba8fac0a610743dbf5d2b9c88b85","ssdeep":"","tlshash":"ba01afdf40695a0d167c24bc680f57c6279a7f285d84c847e14fd511a25adb503fb4c4","size":852,"data":"","first_seen":"2025-10-05T01:38:06.662188Z","last_seen":"2025-10-05T01:38:06.662188Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fd4f3db2d9cb8b3ebb57e12f44ff63f3","sha1":"0623eff63b752147691f6c74414a16e692375815","sha256":"6ee5d2ac785bddc2b40a19acd09b822944924403e82aa2d9d0e77772723506fe","sha512":"63d06db8e262df82c1dee1dcbdb74c4b62e90f0ad6e2fe0c00a8200c9574da183afe9d9ccfcc8033fa51c55f9b96f99d4ffad3d169ff32787cec84e748163585","ssdeep":"","tlshash":"f3311f191386c635
0ec760d29eced4d6aee440de7a5bc9527419b9b92bcefcc00db186","size":1815,"data":"","first_seen":"2023-03-07T12:01:39Z","last_seen":"2026-03-07T08:48:34.190215Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.readmore.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"081fe3d90aad9b9f11e4b1c0569530df","sha1":"ff566498ce6f25f4a3b28c0e2bb92b6b86fea6ed","sha256":"98e825583e6fb4f7e8a65f9063fb7ea2d34aee8f9aa480dfee285ea27f4fca02","sha512":"cf242d2562e01ce001f00b847c0855d090f3c2883ede50cb65298cad502e2ae1fa6648a16eab883bdac88e2cdbe0366f4dcad0967bf3cf0e02ef979bf7f2b2f7","ssdeep":"","tlshash":"ec61f169b323f642c4a720e2705f530a663bf128835580547777dae86f7c80e7863a7e","size":3430,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:1
8:02.153633Z","times_seen":319,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c3d5e7ae44ebf7eec435c9325b6f676f","sha1":"8b6342ac0b9b097678cb23ae693917b91090b944","sha256":"6dab04cf1ed42a5675ee85fc766f21ccf9386c3e61f9081987b6de3ec7e7f23b","sha512":"5b005cc0eb966d2f33b5a73649d37bc6cc5f0fb2cf7232daae7d64d16015dd4318acdccbd7b4fef7836668839c44905b62504cd6a4618a34fe7479f8bfc1ea73","ssdeep":"","tlshash":"87718548f752242b617770fa4abf1706673a6012db07ac64b17e088d0bd7f38235b8a7","size":3483,"data":"","first_seen":"2023-03-07T13:15:21Z","last_seen":"2026-03-29T20:18:02.285771Z","times_seen":320,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b6ec630beba5aa234f361049d0162851","sha1":"40852e09b7e6202ef51b85ecf775694b703442d7","sha256":"79fdb7c25e266e76ee0ff619f2487f81f0b97bed193c569362bdd39d5dc6c859","sha512":"264fe900395e3c3b429292438bb378aee3d1b27eef446e11af0d3fc65e0458163f14b2d375ad09e51adf6a97807511673776f4bb16fdf2c779e1393a094f1e44","ssdeep":"","tlshash":"5ff0825ff2c1b634c4357679ec32615739356701ae07480959f4107cbb59a052887a6f","size":478,"data":"","first_seen":"2023-03-07T12:12:06Z","last_seen":"2026-03-29T20:18:02.290952Z","times_seen":316,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.
21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"29727d13fa2a206a7cc92a101c29ab33","sha1":"647b9b2f5532aaee7217e70850589ad673938fcb","sha256":"42ee5f253d773ac3a83d1fc0d0f922a4c502f66dddfb591593129586c4f2725a","sha512":"5917cf75cc80fb72cddea8cbbba81512d053c8cd265f38c81db939dbe3afe1d9bf4c81ca8ad387743873436144cd57b1f55d79f353be00b851b7a6e220e89b83","ssdeep":"","tlshash":"61c0227079dc5639807a71241dfea204ae1ba910b83a2140e02ca0b146ae63822b2c10","size":190,"data":"","first_seen":"2023-03-07T12:01:39Z","last_seen":"2026-03-29T20:18:02.292636Z","times_seen":376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","size":19948,"data":"","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-04T00:28:36.974338Z","times_seen":330082,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElem
ent","is_inline":true,"md5":"7bc2250f798e8dd30269772ee8cf4599","sha1":"3fb3ed5ea1a5c052fa3c26e45d4abd3e722b9700","sha256":"cda4eff9500a8b16f33a54c6cd1ce7d2ec3bf66cecddb63d9c736078916c5035","sha512":"3e8e0117e5160dcad1084a50b83f5226f5a9ac659d3e3dd68995bc2706b8c2ae482c3ce2692bab223ad149137a58d792df16a2c996bafd328280806b31ff1a4d","ssdeep":"","tlshash":"fa319946f72c1977663a14ab1c1930cc913e49b52c0426e7fcdc26a45d98f28c3ea99b","size":1833,"data":"","first_seen":"2023-03-07T12:01:39Z","last_seen":"2026-03-29T20:18:02.294258Z","times_seen":354,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da82194a183686cf8d7399280ca1a82a","sha1":"a17b2662e49c8d8e47701735ef1e6acf9f5fff07","sha256":"3cb42a90fd07560b095613a310becac597581e2f0b9ab54dde764802be0609cc","sha512":"92e73fcf130ed28ede95ad1f78b28264b1a152b7a07e836a858d116639d7e3b0429449e833d56f5b5582a6ba35965f3be796ace256b9eea649a0ca2f8edfb69d","ssdeep":"3072:G068+RhI8FvQeXO0AFQM4MmMnTQXvS1kKeq/h:B6phN1DF/SW4h","tlshash":"5ee3e849bad2b0f867e261e4942f9646e1371624740e98d5f6fac5d1a879ecf0033e3c","size":146805,"data":"","first_seen":"2025-09-11T10:47:57.345998Z","last_seen":"2025-10-21T05:38:51.00741Z","times_seen":595,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f03e5a3bf534f4a738bc350631fd05bd","sha1":"37b1db88b57438f1072a8ebc7559c909c9d3a682","sha256":"aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947","sha512":"8eeeaefb86cf5f9d09426814f7b60e1805e644cac3f5ab382c4d393dd0b7ab272c1909a31a57e6d38d5acf207555f097a64a6dd62f60a97093e97bb184126d2a","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmm:R+41ZqLTW8xRrqSb8qGH77da98Hr3","tlshash":"1793d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","size":95992,"data":"","first_seen":"2023-03-07T01:02:11Z","last_seen":"2026-04-03T23:33:54.989118Z","times_seen":20568,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"48b383db8c4b689d51c7fe7520af1108","sha1":"464dbc35d23e717068b6c71c46c7e267bf8bf3c4","sha256":"e23346daaea4662b4e261ddc679f7ef3e914155a66fc2ded5802809568638553","sha512":"55d94e1cb158dcae5d3635335f02fa36c6c70eb0812040f917a54d7191665e22356d712a0036c55d87a4cf2b1b2c1b5c781aab61f4c30623a5481d9146605d21","ssdeep":"","tlshash":"c621d221ff44b79855ba79520965d2b020371572d1084b16f8f3703e9c4429a362dcbf","size":1436,"data":"","first_seen":"2023-03-07T12:12:06Z","last_seen":"2026-03-29T20:18:02.295561Z","times_seen":259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0b5c6ecfd31b214438c017f7840cab7d","sha1":"5b0d464bbab3
3735e654f6d0b47dd2bcd47f8e5c","sha256":"e0d679f66eea8fae589016f89ff238618cabb4b802add68fcbf4d70498356ea1","sha512":"c5bcf7b3ad3cd5e65ef4a944e7430ef7a9483af6f499f7e9359146112442aaa246c69fc09c9fd3d7eb0326eebb4b72d90859897d869d06b299c8b0b835473a7b","ssdeep":"","tlshash":"dad07d80ecfd56010a7b75392c79ef8f923331011f03451156a9281f4e84bc7b163475","size":291,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.302583Z","times_seen":382,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/js/jquery.typewatch.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6915a93382a7b35f40987fd648b43f9d","sha1":"b78c77cc774594df414a7b1fb99c28083d85bb80","sha256":"1836dba8922ca00f9ac170122f314b2cd7bbb2eba09c73d8bce215597bd9cd2b","sha512":"e88f5e62ae04a867b1b5ba979e2b653cab8348167c37cf897856d13558114dca318ac33b2c07d611ad3559014c57e60b847823421a46649a47f5328720eceac4","ssdeep":"","tlshash":"6c313f4cb152a15d87e263f6aa7616ee3a7ae3785a001184316512d0a078a8f63d7bd4","size":1745,"data":"","first_seen":"2023-03-07T12:12:06Z","last_seen":"2026-03-29T20:18:02.232774Z","times_seen":387,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3271f15b2fa03cbfe804d891a4d1bea4","sha1":"ba0ebf448794037fa0cdc3f7d3a103e61894493e","sha256":"ec4add2cef8de7dcf48c93f7f83ecec842fee54b4e1ae3ae8ba67b1da1edfba8","sha512":"d6dfb9c2252f4a7dc3681f19e9c36ae5759a4ef08283d47493adc7f85bf76a092cc557a2a18cb13ac7af57626c4f9551833c53fd8ecddd86addc866cfac78b2a","ssdeep":"1536:LOFHKIV5GuKbO
PNXN6ibR+6ry6j/IYOHSD/u/NNU48WQJFW4gkzwi/OsWVhL/Tyw:LYqmzIOVg6W6jUHSDm/NWu4hzihp","tlshash":"e293c649bad2f0e86be365e4842f5646e1772a24740d98d5fab6c5c19839ecf4033e3c","size":96855,"data":"","first_seen":"2025-09-11T10:47:57.233286Z","last_seen":"2025-10-21T05:38:50.883718Z","times_seen":518,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4cb452105aa125b007c3a7007015d2d0","sha1":"555ca32f08c570a7281fbf889686a005a25f24a6","sha256":"6bb46f8a5939120de359116e995021d445853d7922e3d8ad627eb5f6781115b5","sha512":"dd54c2b39a3020955a53f1bbea49316a0ea46e3e375dd8f07478dc1aef8c8259e803340ed4a9cf2416dde98426d91c7010947e25e67f8086adb404e144f37496","ssdeep":"","tlshash":"14f0f4281638f63387aba254914ad34997b4c38fa84501c964ac4be60df4bf362d087a","size":601,"data":"","first_seen":"2025-09-30T14:23:11.333169Z","last_seen":"2025-10-05T01:38:06.668814Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-migrate-1.2.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb05d8d73b5b13d8d84308a4751ece96","sha1":"743052320809514fb788fe1d3df37fc87ce90452","sha256":"1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d","sha512":"7b68a43a22a41404a2ff58e0da6a237492cad0fc3e56d216980802b4d5fb483895262a7e049340d6670002bdf899ba88c319239e60d0aae1ac31d98556b0ad6e","ssdeep":"96:tBySz91Gwyk35YrfBewIt9jKLKDs2SFNK7wIDBRANyCfVJ45NI:zySzvGw/35YbMx9jKLKD3UIDBR8VVUq","tlshash":"3fe196dc72aab5611ffa30a8503bd21b72b25aec140d95a4f08ccde5392cc5d413ab7e","size":7199,"data":"","first_seen":"2023-03-07T01:02:56Z","last_seen":"2026-04-04T00:27:55.941185Z","times_seen":19794,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.plugins.a.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d30d39ea7362e56afcdb14c1919e36b6","sha1":"3d8ad768ea89003210bea45e8aacd038bae1ecf1","sha256":"a01674489d3ae093a5909246b27d46e09a6f49bc6834094f5febfa056910e0e5","sha512":"e150975ba628ff73f1a84d94d9ee2f1473d881e0631731b0ea779d6b92e31708d4cd35ef22d421f590466a04ddb960f77c7f91fd3eecdf29a6c31e7f03c2a6af","ssdeep":"192:er5EO3dPvqWHg3mHxY+HFuArszyuFPsrhLypbNIGRS:a5EONH9mQbHAArszySPsYpb5S","tlshash":"a21251647140736246ef70a6e0af92cf9231a335474bd0c0d0a0faee6e3a97586d3d9d","size":9805,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.12578Z","times_seen":296,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inl
ine":true,"md5":"901d05a394689754b24c53a14ff0bb94","sha1":"16e6750d0db26beda439d20147af2cdf6ee85f6c","sha256":"c8d34bfa528cee7507080fac65baab9a6eacb046b4c097cc3201ff3bba0d09c1","sha512":"4ee2e549e7bf56480b4d2ffcbd59903b4f9f55ee6ee6b15ac161d70b08297ae3662e91f1cfdd2c6832601a30079245c722674147287d384efdcbe158048e63b9","ssdeep":"","tlshash":"44d0a738fc7da01104bd38ba38f74d487a36387020032845447c96e45b9aea44581c15","size":216,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-04-03T17:07:22.65821Z","times_seen":455,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"86a6965e541a781a37d669b260561c55","sha1":"d507b1712d0947c35ca109d78453ad0706543594","sha256":"d08064727885699b455486366ac7a1b6e9e298d7cb1d94d4e491088d0bb8ab94","sha512":"083bdf45ad8995c0ec36c921ed717a940848bf6490fb897aa3a9a9d98be61fe38d2f4284960bd6863558a922318a7a42ec756dbbda4a3e1511e1fb28ea3a15dc","ssdeep":"","tlshash":"a3f0270ab2a4993780b231885a5a4bf9766854cee508183230a8d78d1371dd4a2babb6","size":439,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-04-03T17:07:22.659118Z","times_seen":456,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5d0f0b5b79e9f10c796e8a416e57dd2d","sha1":"acca3a159098bbc8a6313d6f496cfeef362c3171","sha256":"452c276bbd878d6970a8f3a2b5ebea89fcc866c5aa58e5e56afcdc9c53c2b78f","sha512":"e27276b5b768d17d9973211aed03b558904dc0b9d04d39390bfe27493d783c
5c64f98dd6b676bfad19f0060eab18fd0ef3d4ffb492b0353585c3b09253e7fcf6","ssdeep":"96:u+cdSxFAl+7furhwsTulBaahwlXYDIxCrh6sTuDHO65:uXdSxFAl+7mrhNulbwlXYDIxCrhzuD/","tlshash":"bab1b909ff7a4a9b996b316075dfb1ca435f6972f30b0e1afe215c1c12e4562e063a06","size":5271,"data":"","first_seen":"2023-03-07T12:01:39Z","last_seen":"2026-04-03T17:07:22.660317Z","times_seen":450,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.cropit.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd82e0edbcecf087be901e8e7ed0d035","sha1":"2cedce9f87501152efa36eb1949d95c0ca4ff200","sha256":"b8a0d09df5a79e5e9494b3061eeff55883870c66714879886348c5095faa7840","sha512":"972ad1b4fe72296e7123bebe0c1e18aaf1fe1617ed41762b0e0b3afc9a7e58c0a4f9e5354094808d94bcebcd8f7c1d12b9c794ae17c47bc9cb3586ca9899193f","ssdeep":"384:b4Ku+vsSCLma/KSUOW5Gur0433Pfmoz8DKNzmavSbnCIjcIOHinWK0inVcaTJX5s:XWmaiSO5Gu/wemaybVtPJXm","tlshash":"4fc2b4193ba1367742a7f1a0760f800c1275e975e446e38cb638d8fa9af18148a77f76","size":27578,"data":"","first_seen":"2023-03-07T12:01:39Z","last_seen":"2026-03-29T20:18:02.154507Z","times_seen":606,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8936032a7d3e1beaf7bc11c688e416aa","sha1":"33c12de157725853e90bb35bcf8cec679ce7184b","sha256":"13ba73dd673cf272747ee95b002c7d906257f4b22b3c37e0ede66df4164812da","sha512":"6a4851df35bdbc816102a49bc91392877d8a809da315c4155df62882f1a2eac3b8a140353b081e91e7be5c1de9f637d556620
364b84fd34b805a327df4e8cc90","ssdeep":"192:/ZfWHQSB7MFigOY96LwJvNA/aR6r4B5ZMhIhQ:Qc6Y96LwJVTIg5ij","tlshash":"7622b7c575cbfa52c12a04b0913b63d7910ebea484e85c9b9f04fdacbc2d344b4a9e19","size":10029,"data":"","first_seen":"2025-10-05T01:32:38.510607Z","last_seen":"2025-10-05T01:38:06.6564Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl26380627.revenuecpmgate.com/aa/17/78/aa177888545d5fcb5c8d39ba3f934f3c.js","fqdn":"pl26380627.revenuecpmgate.com","domain":"revenuecpmgate.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"77df9acba35a09a094a78b5ba358018d","sha1":"d84445b74c4ccc24efee59a132a0d928e54c00fd","sha256":"2bebb8e4542979ea109d32562aa67a5a7b67346282cae60d77d8adf1e3230285","sha512":"b02d4122993cb48ee83580f0da0a8a224a38509fd9d33c486c16493885bbc4f6071a7b7b057dbfcf3e4b7d8ce0c29ddeac3d7073599a4d08606726eca4aacb90","ssdeep":"1536:lzxl+xx+nfI+ieOOoJm+h1eE6eunK1lz2N9QeK22udmm2gYpDkUeDCoxbp3pkcXE:MxIoJSnxKHWYV","tlshash":"f3a3e9983b50f0bc02a674f9362f7906e064ce6160ccd668d507fca86b7975bf439e29","size":98060,"data":"","first_seen":"2025-10-05T01:38:06.635703Z","last_seen":"2025-10-05T01:38:06.635703Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c070828794e3692be0a52440af066ad7","sha1":"a22ab13f7ad1693710e700a1e4af7b0b9a5d13c0","sha256":"ef97c53f57f9b726c0bdc02f4fb9bb0e6e8d0e9f37f3c24d3f913abcc06ae14b","sha512":"a52c33c68004604eb2f48ff0ce91bbcf08d9eb96fa8c0f73446ba894515479054e85675ca024c74717601fd20769e2cce674b72ccc3be7d77516e18884b26bc
c","ssdeep":"","tlshash":"fe01d019b2452b28825fe658943e315878376003ef017d09fc3c515a8f70d6528e1f4f","size":850,"data":"","first_seen":"2023-03-13T17:01:24Z","last_seen":"2026-03-29T20:18:02.312243Z","times_seen":177,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f104373f76be09532baa429e56c87e24","sha1":"d522e81e1534b832afec5ab46bb4eee7567ab1ab","sha256":"620dd390ef45c3aa7d847a69a7ea8b4a1fa9b0163f36a07422b6ac9ab846a594","sha512":"c8793a041f5e2800ec2e999599bd4cb1517252e65c0d9cd69a49299e4d52afe6d07f3b005f819d330a2ab83fbecdf9ea304227e92788f37c61a1d94f4c9e7f6e","ssdeep":"","tlshash":"8e9002aa1161801616f2241c5a1d9d7890690003c80965c57a8c91a49b241941026904","size":55,"data":"","first_seen":"2025-07-13T23:17:02.979579Z","last_seen":"2025-11-01T09:32:59.89616Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.readmore.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"081fe3d90aad9b9f11e4b1c0569530df","sha1":"ff566498ce6f25f4a3b28c0e2bb92b6b86fea6ed","sha256":"98e825583e6fb4f7e8a65f9063fb7ea2d34aee8f9aa480dfee285ea27f4fca02","sha512":"cf242d2562e01ce001f00b847c0855d090f3c2883ede50cb65298cad502e2ae1fa6648a16eab883bdac88e2cdbe0366f4dcad0967bf3cf0e02ef979bf7f2b2f7","ssdeep":"","tlshash":"ec61f169b323f642c4a720e2705f530a663bf128835580547777dae86f7c80e7863a7e","size":3430,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.153633Z","times_seen":319,"alerts":{"ids":
null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/js/melody.dev.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e238acf58475d3cdb95d614582134b24","sha1":"b13c1da1f5254cb14f4f187bd5174ed0feb08a23","sha256":"f3a4cbf3a8090b121a0d6d6dd8feda9f92831cdb5a070a7eb9ef58234c1f4eab","sha512":"7209c4cb8692e5a1fce4c6bad8081361c857d45b179b935a7291b0682c514409584e10b29bb56905dafd5d3dc8831d82c78cf9895c7b59ac2239552f6abf1f2b","ssdeep":"384:krC7SV8zve0Nfenff87NLRld9gTSOW6VUH:krC7+860lRLRGTdK","tlshash":"f5a25405f2ed1e6600b334360cafa4853a3c99b798048d59fd5d21e85f6cb7ca972f4a","size":23108,"data":"","first_seen":"2023-03-07T12:12:06Z","last_seen":"2026-03-29T20:18:02.23372Z","times_seen":492,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","size":6293,"data":"","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/46/6c/21/466c21c39eb224635d18fb77ada6bdb4.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1f4d891ae052ed0c23287739f3432936","sha1":"8c0e958eb6f96d09c854eed6fa7d321bae790dfe","sha256":"29434a789baf4c6ff95014cec874989c7b38f5a53f8b3ff754e70d02d1c7a93a","sha512":"881e460307a6d8360e45b0298708eb0545021e3848168b223d200432ee05be419aac4576dcd3345a725a8ea9a45088fe3cba6948b32a7b868aa0dadbe13e8f45","ssdeep":"768:cpCxicwKzukjCm/hYE4JoYC3ouzBcXInwrHpSFXcdDqxv1l2qo0uw7T3SPGw6uXT:cppUCQ37XwT0Rcd+9keSPjzeE","tlshash":"ff73fa4c3f95f1ac43a26073222f941bf12a1d51b46cf8c8d253e8bc6eb9769b536b14","size":76323,"data":"","first_seen":"2025-10-05T01:38:06.629463Z","last_seen":"2025-10-05T01:38:06.629463Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/js/bootstrap-notify.min.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ba070af9d1b1a2782851940de30879f","sha1":"d33390fc88bf68bd23eb182d7dbc77f5227081b2","sha256":"a13a07b242c80b57e0cbbacc6cfedb538d4d331ff1f9dff370519ec57407e450","sha512":"3d793cb731b6a060ea4b68dd622b76ee0db7f1ca5536fd4b4831b6f586c8f4f6634fcfc64d7dd93e85298225e9a4aba6d9d44ca3d8fabc2dfd365a02df60abe0","ssdeep":"96:YjcZsiBifeECqrETiqx8D6Eie9tJzg1YkwVgwIuIL3BMLbR7HdvxsyBvoPrrOLKE:kFi4f/7ETi7DcKtJ03LLkp1xs1O","tlshash":"a902768d7112926a825b9277a08e0300f536a615e517f63d3e3ac4e6bdb4de822173f6","size":8216,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-04-03T17:07:22.646019Z","times_seen":494,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_typ
e":"scriptElement","is_inline":true,"md5":"1a116c0f1cc8c2bf01eccda8c8a6dd81","sha1":"761b1e904f6cc91fc19e514398929b09f19a1489","sha256":"e3304caaab85e6348f7ced7836f55a208657d87504a7f3b9ad18512b6604bac9","sha512":"3db8bc5b3531c8a37793656dd91a2dd3def6c1df9c07beab496a2c1dcbc8c97ffbf590d93c55e2b10006980995067a1b993642937488352ee97739e874317178","ssdeep":"","tlshash":"08c02b8c211a1cb141f727008f3fb604b003322494d0bd31489923848e30e03e754d10","size":153,"data":"","first_seen":"2025-09-30T14:23:11.331067Z","last_seen":"2025-11-01T09:32:59.894827Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6a2b793474ced89f1e1c2c77da98dfac","sha1":"b91e95d09617017b7729302bcb8d048796a22568","sha256":"58b8d78ec22c2dabe87be8b0b1c19b37272691fbf4e42bb04e68b70cfb1289ce","sha512":"2985f0e5bb927e31b156245409079ea3febeccea0e2e040b550e74f13098b2338b8a35e287da0028846e381ff0d76dd24f5baa76f901ec235ba52576d03b743f","ssdeep":"","tlshash":"4b1100793b1a1534c6d5808b317ee7a93d3220217a02a144c36ccc289d28e8714efcbe","size":902,"data":"","first_seen":"2025-10-05T01:38:06.67492Z","last_seen":"2025-10-05T01:38:06.67492Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/melody.dev.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c3bde81760af5b3df4d0c56ba06a0fca","sha1":"ecf2f46def386ad8f62fad28edc36c8440f339cc","sha256":"c6f149f7dcbe38ff7b1391b1fab3462f06309f79df7bf9135ba1e75b13189af8","sha512":"7b8e060be27ba820f5
0b8905cabc32507f821d5dc8ca768cfcd26521ee90568fc5b4e43181f08b587eec7e6be5c201679a7cb1a8ce8fc3976a1159a4b423f95c","ssdeep":"192:EcGikGJsJfwbyN3DkPMnBE4c+mqa5F9iiN8lwwIJiN8lwwb:f4yyN3DuMnBjL+PL+u","tlshash":"d9f15498b39d679eccf63266553d9404cd3ec1328203c2687d3d61941ff8ec52a76aae","size":7961,"data":"","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.218986Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"netdna.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css","fqdn":"netdna.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1\r\nHost: netdna.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: 
no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncf-ray: 989931eb5991b4f9-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: US\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"0831cba6a670e405168b84aa20798347\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:54 GMT\r\ncdn-cachedat: 11/11/2024 14:10:46\r\ncdn-proxyver: 1.06\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1111\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 1\r\ncdn-requestid: f2e02cde60d8fda1ac50833fedf7eb85\r\ncdn-cache: HIT\r\ncf-cache-status: HIT\r\nage: 5685298\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26711,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(26548)","md5":"0831cba6a670e405168b84aa20798347","sha1":"05ea25bc9b3ac48993e1fee322d3bc94b49a6e22","sha256":"936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829","sha512":"655f4a6b01b62de824c29de7025c4b21516e7536ae5ae0690b5d2e11a7cc1d82f449aaebcf903b1bbf645e1e7ee7ec28c50e47339e7d5d7d94663309dfa5a996","ssdeep":"384:/i5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/7:klr+Klk3YlKfwYUf8l8yQ/7","tlshash":"5ec240e8e54c01d66731c48bff85b36862b6f73dd5804da9f01f690c29d22a522c5fba","first_seen":"2023-04-05T03:42:18Z","last_seen":"2026-04-04T00:49:52.006104Z","times_seen":15992,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":52,"dns":2,"connect":2,"send":0,"wait":10,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.plugins.a.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/jquery.plugins.a.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:52:46 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oM2tBnslpNd6EtMwiiIM8k94GjE810JOHbxyO4ad4bkhRFrh4tVG7mUHyGRl54sN77GtrxMohpcuZwj4zl%2BXzg2eH0SJapRc0%2F4%2BZjVCVF59\"}]}\r\ncf-ray: 989931eb08070731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":9805,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (5325), with CRLF line terminators","md5":"d30d39ea7362e56afcdb14c1919e36b6","sha1":"3d8ad768ea89003210bea45e8aacd038bae1ecf1","sha256":"a01674489d3ae093a5909246b27d46e09a6f49bc6834094f5febfa056910e0e5","sha512":"e150975ba628ff73f1a84d94d9ee2f1473d881e0631731b0ea779d6b92e31708d4cd35ef22d421f590466a04ddb960f77c7f91fd3eecdf29a6c31e7f03c2a6af","ssdeep":"192:er5EO3dPvqWHg3mHxY+HFuArszyuFPsrhLypbNIGRS:a5EONH9mQbHAArszySPsYpb5S","tlshash":"a21251647140736246ef70a6e0af92cf9231a335474bd0c0d0a0faee6e3a97586d3d9d","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.12578Z","times_seen":296,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.init\u0026eid=2\u0026h=Ag\u0026tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ccdgaregscope.1ccdemdownload.1ccdemform.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ccdautoredact.1ccdgalast\u0026ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaregscope.2ccdemdownload.2ccdemform.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdautoredact.2ccdgalast\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET 
/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.init\u0026eid=2\u0026h=Ag\u0026tr=1ogt1pdatav2.1ccdgafirst.1setproductsettings.1ccdgaregscope.1ccdemdownload.1ccdemform.1ccdemoutboundclick.1ccdempageview.1ccdemscroll.1ccdemsitesearch.1ccdemvideo.1ccdconversionmarking.1ccdautoredact.1ccdgalast\u0026ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaregscope.2ccdemdownload.2ccdemform.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdautoredact.2ccdgalast\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; 
ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/cinema/default/us/all/close-rtb/v2/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/cinema/default/us/all/close-rtb/v2/css/animate.css HTTP/1.1\r\nHost: 
creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:20:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8537-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 366330\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hybyzyqRPegNK2PA0Hu%2BPtfvMyNWfqaWAMWO%2BE43gcI6i1XVkAoOJfG8bcnjuQc095f63ZodA0aYU6Eod4sVI61fab%2FC7tujMbs3uuhaA%2Fw%3D\"}]}\r\ncf-ray: 989931fc9bf332fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-04-03T21:08:41.899388Z","times_seen":10529,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":32,"dns":2,"connect":1,"send":0,"wait":6,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Fcss%2Fstyle.css\u0026l=4114\u0026fd=45","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group 
B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Fcss%2Fstyle.css\u0026l=4114\u0026fd=45 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 05 Oct 2025 01:37:42 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, 
OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":283,"dns":0,"connect":91,"send":0,"wait":92,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_6RTTYgcTRmuXkU-UPj8voNeIjRMhATSM909Mz0zCbLubxiz2Vl3VwLmEOqvZ8vp7mqrqqd39yDBVYnoYXMyiZfed3azRiMxRxEhzHobEDKe5uCCiAdPXoInEZnNZo1e8x6qinrqffp5H57-0UF2iqqQ4cnabbkroghX6mXXvnJHJEzm2l7dtD237N6w74gkqN2wt6eL6l_3qrWye9W-yWlPVnzXc13P9exloXgotytnKIj0102_7NWaZS9olYMabKv_u9CZBRpbwPqn6FMQbPzxX8O7IOgQkvg3i1z3jEyvLcVZhI1U0GfH30p6icwTiP97DJUFYXJ8_hqkHiP0aAZkcnw-A8j-4XQGIGKMZr70ZyDJ8blQIP2jt1pJBDwBwj4PeX8IPBqCwEOgcg8Ee40AKIPVDiTx01WpcrzzFsVTdIw-9-bvIPIx-ugSgiR-3pnvbNidlCer3MB2WIDYHoLoDiHNTsDszoDIT4Ca74Ngf0SVf65AEh92dCRBsMllxpjPqU-dFqHMqXley8GYE4dhErguZqHrkzODRDgErGcg0xZkwoIstCBLLYjZxK76blBttGrMDV0WEMz9uu9zvx54jNSalENGp8r3waT7QKN9oOo-pOo-9MQ-qOwV6K0CNLNAGwR9VkDOEeQaQY4R5AJBbhDk_eKIRdrXxVMW6Yx457t_vleLgTTdA3wkTZcnCLDaB8WKQ5F-V-8BNdZgN9RoIKcLJqYYYMKKg_QUfTI11fr5T78HPT6xa0FAfY9WW5z4fi2o1pnXDEmjgRkOCCM10KIAoWcAawt2xRi133wZUjFGV9YsIPgEdHQCVFiAs68AzgvAWwXsJi9VWckdHDlM4RiXqYyByQJS81kwO9ZBdIouDdY35x-AyibtLWNSfb1S0apfZqZM4oRtT1sqfb_SrAUV7lHsEc9zsNckjueFrkNaQdOpUk55SHy31qxXvAqNIM5Gs48--iFCCIGKRui8IM-KgfLJaHbn2y-2__2PewNFwtHswy31CiE0UDibXG61aJM2qg2nXifEqQWNlkNatO54AQuDsE6q1VZtoPDUDTZG3_zxXeB0NDt8tPfJ48dPgKoCUlXAd8QfEHSjB4N1maPDdZlr9LKTGhGLXWyETDYMNhz98hbfyaVi7UW9_2yOToHp8fkm12YFJ0wkXY1-NS8Y42pZKsrR79v6Didrmd6az1SSpStrC8vtOFVcayGTIWDxmv4LqBijL34tP_sTnZ98CkINQWXF1JYLK2j6g2el0mZ7c2WpVJqsbso0tY2ISMau2b0slUmXq2u2wgQbw5Xt2MsiSWwlekZ07VRJlvVM2V4-ObIZNzbh2vDzfm7KL0qlxaWNhfX22ma7s1oqTb6-tt653bEXOotLdt39qu3YG3MrS_YG7nPbsdfffSVU2DYyTWOuelzZsmuTzIhej6sXpdLK3PrNpXvt23M3p4pvvUuLiHGXf0heRPyLUqm9cKbzGxesVCYfREpBp6PZ3338sy-EYQha_m8QSWpdhPHd5VkYL15EYozuXn0FER_N_vbxtJ4AJgVo_h4Lf68ZT-mwKA70A-gqC7DZgyQuoK8K6EcF4GgfdPaZgUnVaPZP1bMCElkDEinrkEQqevg2z1pMbJ8T2mhQt4l9jFus5VfdoFX1CK83WK2FQzB6vPWX0d_-EwAA__8JXbSO2AYAAA==","fqdn"
:"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:42.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_6RTTYgcTRmuXkU-UPj8voNeIjRMhATSM909Mz0zCbLubxiz2Vl3VwLmEOqvZ8vp7mqrqqd39yDBVYnoYXMyiZfed3azRiMxRxEhzHobEDKe5uCCiAdPXoInEZnNZo1e8x6qinrqffp5H57-0UF2iqqQ4cnabbkroghX6mXXvnJHJEzm2l7dtD237N6w74gkqN2wt6eL6l_3qrWye9W-yWlPVnzXc13P9exloXgotytnKIj0102_7NWaZS9olYMabKv_u9CZBRpbwPqn6FMQbPzxX8O7IOgQkvg3i1z3jEyvLcVZhI1U0GfH30p6icwTiP97DJUFYXJ8_hqkHiP0aAZkcnw-A8j-4XQGIGKMZr70ZyDJ8blQIP2jt1pJBDwBwj4PeX8IPBqCwEOgcg8Ee40AKIPVDiTx01WpcrzzFsVTdIw-9-bvIPIx-ugSgiR-3pnvbNidlCer3MB2WIDYHoLoDiHNTsDszoDIT4Ca74Ngf0SVf65AEh92dCRBsMllxpjPqU-dFqHMqXley8GYE4dhErguZqHrkzODRDgErGcg0xZkwoIstCBLLYjZxK76blBttGrMDV0WEMz9uu9zvx54jNSalENGp8r3waT7QKN9oOo-pOo-9MQ-qOwV6K0CNLNAGwR9VkDOEeQaQY4R5AJBbhDk_eKIRdrXxVMW6Yx457t_vleLgTTdA3wkTZcnCLDaB8WKQ5F-V-8BNdZgN9RoIKcLJqYYYMKKg_QUfTI11fr5T78HPT6xa0FAfY9WW5z4fi2o1pnXDEmjgRkOCCM10KIAoWcAawt2xRi133wZUjFGV9YsIPgEdHQCVFiAs68AzgvAWwXsJi9VWckdHDlM4RiXqYyByQJS81kwO9ZBdIouDdY35x-AyibtLWNSfb1S0apfZqZM4oRtT1sqfb_SrAUV7lHsEc9zsNckjueFrkNaQdOpUk55SHy31qxXvAqNIM5Gs48--iFCCIGKR
ui8IM-KgfLJaHbn2y-2__2PewNFwtHswy31CiE0UDibXG61aJM2qg2nXifEqQWNlkNatO54AQuDsE6q1VZtoPDUDTZG3_zxXeB0NDt8tPfJ48dPgKoCUlXAd8QfEHSjB4N1maPDdZlr9LKTGhGLXWyETDYMNhz98hbfyaVi7UW9_2yOToHp8fkm12YFJ0wkXY1-NS8Y42pZKsrR79v6Didrmd6az1SSpStrC8vtOFVcayGTIWDxmv4LqBijL34tP_sTnZ98CkINQWXF1JYLK2j6g2el0mZ7c2WpVJqsbso0tY2ISMau2b0slUmXq2u2wgQbw5Xt2MsiSWwlekZ07VRJlvVM2V4-ObIZNzbh2vDzfm7KL0qlxaWNhfX22ma7s1oqTb6-tt653bEXOotLdt39qu3YG3MrS_YG7nPbsdfffSVU2DYyTWOuelzZsmuTzIhej6sXpdLK3PrNpXvt23M3p4pvvUuLiHGXf0heRPyLUqm9cKbzGxesVCYfREpBp6PZ3338sy-EYQha_m8QSWpdhPHd5VkYL15EYozuXn0FER_N_vbxtJ4AJgVo_h4Lf68ZT-mwKA70A-gqC7DZgyQuoK8K6EcF4GgfdPaZgUnVaPZP1bMCElkDEinrkEQqevg2z1pMbJ8T2mhQt4l9jFus5VfdoFX1CK83WK2FQzB6vPWX0d_-EwAA__8JXbSO2AYAAA== HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:42 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: 
wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d87a602bb3bb8eef4b9ec45e5feb8076\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"54:09:EF:2E:96:03:5C:86:DF:F0:DA:AC:A6:7A:0D:35:49:4E:68:90","sha256":"0E:84:83:07:1D:C1:46:17:EB:EA:2F:15:CE:88:56:D2:FF:9E:AE:31:D2:C3:FC:DA:00:24:46:48:43:CD:11:1F"}}},"request":{"raw":"GET /css?family=Roboto:400,300,500,700|Noticia+Text:400,400italic,700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: 
keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 05 Oct 2025 01:37:39 GMT\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25205,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"5904037573321984d8ba8c1b6693c921","sha1":"882e1f78d8fb4428d6ba9ae3ecc1909697fd61de","sha256":"0e99952e4a8bacc2db554c9f694604b988fc5c9935f909308a8b35494f2e0d4e","sha512":"253ce8f0585a29f0a19202415255c2d0c43066ad19879598a52f6efe4aa2b4e9dd211d84a9285080d98a2b8cc2f711b4990042ae2f4b5dba58393004d983a415","ssdeep":"768:bKNyEfSQv3rgXU/9ffQiqGr8vkSfEQNVR1GJuofOQjLXR:mvMo1","tlshash":"3cb21ca1081b440097835ce223cebe31fe4f92507041d0b5abfd9b6beddbd6652693ad","first_seen":"2025-09-12T16:27:34.439295Z","last_seen":"2025-11-17T08:46:42.427492Z","times_seen":112,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":84,"dns":0,"connect":10,"send":0,"wait":22,"receive":0,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/avatars/default.gif","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/avatars/default.gif HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2327\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: DENY\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Wed, 03 Dec 2025 05:25:19 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 4332\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cpdF8X15%2Bu520CSwNIlhQLADR%2F%2FvRfUrCNiQBwpNsCXSnT4nt4LoVuJD3lR2StO0RVrn6EpWGXmva314%2Fo4ls5cu9H04B7Sd3jQ6E90k8Uz2\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eafffa0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":2327,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 66 x 66","md5":"09e2544297338b84eee1c2cd0eac23d8","sha1":"4c07242aef5a58da166e675443bd1808e6b1c44c","sha256":"bc5b030f6f3d3d309ee03d6e75e4391dd2ec1a380390c5d33fe0ea654b5fc968","sha512":"08ffe6cf681a7e087086c77f7adc3af6c37533c4aa4daa09558696b06151c91602661759b9a504fa0745ac46c475f28a2dcaf94eb9d08bd94a891214ae0b3178","ssdeep":"","tlshash":"fe41f808f88778c1d25d213179f6917735124580c5f4a9bbf84cc48607a80f589ad4fb","first_seen":"2023-05-02T20:16:10Z","last_seen":"2026-03-22T13:55:09.206617Z","times_seen":163,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/theme.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/theme.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: 
Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Fri, 31 Oct 2025 01:29:52 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 225\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jMLvUQNhAwfzECRxBwsSlUEI1Ki6grz82cCFgNYWzwATrPFipE3ZyxA9gOTT61RUPZzdVpM%2B2l5BQLBw7V6lleJDRlYpPj7j6CQn1sS6gX0a\"}]}\r\ncf-ray: 989931eb08050731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":44830,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5357), with CRLF line 
terminators","md5":"d8176b4cb2798d51558fe707c55d7fbb","sha1":"2d49a0b8afb91121d20469c210566fb8d21e82d6","sha256":"497a2c9b733f23e5ec7ba08698be68a7cc7c121213e78be6a9db5ceb3943b8c9","sha512":"35bdf908dd7eeb6cbd0c3d6f746e3ef87b992bb188e16f4ccc4966c26c774086f866dd603978d9dbdc65fe3488c4bdd3346c78daad3b39da835f8d34a1514811","ssdeep":"768:sdsHXBe1s4RPwBTlttO81x93OD4JdbNC6vALeqny+C3s1pR7T8I5HDwLYPLAWyCt:sdS4D4JdbNzvweqny+CQpmeHMYPLNxn","tlshash":"4313ea883182b12787f761f5a05f620bb172a9a5a04da43df579d4d1bef4e881123ff8","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.125086Z","times_seen":284,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/js/bootstrap-notify.min.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /js/bootstrap-notify.min.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: DENY\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Mon, 03 Nov 2025 00:54:26 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 4631\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zsIGdf94SlNAgp4TCetAJ16f2QvYXt%2BUaM0NALxuv%2FE5M8emNxBiMfiuSxJcJK6GkfyK6%2BxR2WwTMrlML%2Ft3xm7XagpSDPrMcdJjMgFS%2Bqy1\"}]}\r\ncf-ray: 989931eb08080731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS 
mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":8216,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (595)","md5":"5ba070af9d1b1a2782851940de30879f","sha1":"d33390fc88bf68bd23eb182d7dbc77f5227081b2","sha256":"a13a07b242c80b57e0cbbacc6cfedb538d4d331ff1f9dff370519ec57407e450","sha512":"3d793cb731b6a060ea4b68dd622b76ee0db7f1ca5536fd4b4831b6f586c8f4f6634fcfc64d7dd93e85298225e9a4aba6d9d44ca3d8fabc2dfd365a02df60abe0","ssdeep":"96:YjcZsiBifeECqrETiqx8D6Eie9tJzg1YkwVgwIuIL3BMLbR7HdvxsyBvoPrrOLKE:kFi4f/7ETi7DcKtJ03LLkp1xs1O","tlshash":"a902768d7112926a825b9277a08e0300f536a615e517f63d3e3ac4e6bdb4de822173f6","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-04-03T17:07:22.646019Z","times_seen":494,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Regular.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /ea/droidarabickufi/v6/DroidKufi-Regular.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31248\r\nx-content-type-options: 
nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:45:59 GMT\r\nexpires: Fri, 02 Oct 2026 12:45:59 GMT\r\ncache-control: public, max-age=31536000\r\nage: 219100\r\nlast-modified: Wed, 13 Aug 2014 16:50:04 GMT\r\ncontent-type: font/woff2\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31248,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31248, version 1.0","md5":"436938da6ed799ca17110e719e4d2e51","sha1":"b7ef31b6085a9f0963dffe7939abca527724d389","sha256":"a7b09bb9c8e8e2fb189204e08ed94bd8096c118780b5e926847cf2748ca7c5c2","sha512":"7e4d6769197b05994e2ee2d8570e66d235a5322e8250179f97e501dc6bcd7c0d5f9f07e270670977812e9d72d652b736ef5c81c587d180ead66cd83aa4a10f99","ssdeep":"768:FJtbpWa4AHdCpfyRcVsjmk4h348ZOtsQivESLbxl:L6nAHdC86Vs6k4hVZvhl","tlshash":"b6e2e1539eb17dca103a71f14ed1be97c5c148729229a9741ca7b4f820ce49b72fb287","first_seen":"2023-04-11T00:32:28Z","last_seen":"2026-04-03T12:35:42.591024Z","times_seen":1385,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":50,"dns":0,"connect":8,"send":0,"wait":13,"receive":7,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=759\u0026rd=759\u0026fd=508\u0026bv=25.9.7989\u0026tmpl=70","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=759\u0026rd=759\u0026fd=508\u0026bv=25.9.7989\u0026tmpl=70 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:39 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: 
Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":669,"timings":{"blocked":288,"dns":5,"connect":94,"send":0,"wait":92,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fsaptiledispatch.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Findex.html\u0026l=1267\u0026fd=646","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fsaptiledispatch.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Findex.html\u0026l=1267\u0026fd=646 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: 
uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:41 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 
DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/custom-logo.png","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/custom-logo.png HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: 
PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 14834\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-frame-options: DENY\r\nlast-modified: Sat, 23 Aug 2025 08:57:40 GMT\r\nexpires: Tue, 04 Nov 2025 06:04:42 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 2392826\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PCW3mMEpT2dwttimy6AZwg7V8H29lcxDDYLJkbaNsY%2BSmgQH5PrkmZNrZntT8gqJtv35It7J20awO%2FeAizh545WzMDdt9uZ57ie5dnjkRf%2FF\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eafff90731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":14834,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 233 x 80, 8-bit/color RGBA, 
non-interlaced","md5":"c15cac8a49c3e5f6920ed74007d4a4ef","sha1":"d3ba08843e6bd66d498ef3c511bdc5c862990db0","sha256":"fd10838687d9d62bb4f1214281cdc9104f13e8a8c3df4211a99bb6e819763dfa","sha512":"0065805573c55c761ccd661f4f688a3cac43ccc3821e5e877903e635ece307a483b3848a62bc8ab7ac559dd4ba56accecdf62c811fe230c4008ac0aa9d321800","ssdeep":"384:e60xxcKLMuXTturekWnz6zqV+wDnugsqGVV:e60xu7ETtUlqVvDLsqcV","tlshash":"1962d0128981ad2db92312b37652f592dbd7f9808d83ed00637a8fb2275fe7114df490","first_seen":"2025-07-13T23:17:02.9144Z","last_seen":"2026-01-09T03:24:48.945861Z","times_seen":12,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"netdna.bootstrapcdn.com/font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0","fqdn":"netdna.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 
GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /font-awesome/4.4.0/fonts/fontawesome-webfont.woff2?v=4.4.0 HTTP/1.1\r\nHost: netdna.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netdna.bootstrapcdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: font/woff2\r\ncf-ray: 989931ec1b225690-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\netag: W/\"4b5a84aaf1c9485e060c503a0ff8cadb\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:54 GMT\r\ncdn-cachedat: 05/26/2025 07:57:59\r\ncdn-proxyver: 1.28\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1054\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: cb4495e27f40493101bbdbf1851b8ac2\r\ncdn-cache: HIT\r\ncf-cache-status: HIT\r\nage: 3659825\r\npriority: u=4,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":64464,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 64464, version 4.262","md5":"4b5a84aaf1c9485e060c503a0ff8cadb","sha1":"574ea2698c03ae9477db2ea3baf460ee32f1a7ea","sha256":"3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019","sha512":"05196036c41398616c077925fc4bf252e81f11b6ebef8745047d75cb2c8b80441b8c3593f4d5b2617089e9f3d8d957f9edcdf8e43993661a277be8f4b6a32111","ssdeep":"1536:wOhGmmMET1VwoQNDerkOtxhncPvaAAGzw9jD8RlhANsK1q:JhkhVINDerkO+aAAGA/aANX1q","tlshash":"a753f162a0233101d19918bb7d39ffe22b01c1cee34659c7dda62c5338e5d5472abe2e","first_seen":"2023-04-05T03:42:19Z","last_seen":"2026-04-03T23:46:20.21145Z","times_seen":19368,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3430\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ad58dc6cf55941ee9ca1aa45b57ab353\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6293,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6293), with no line 
terminators","md5":"6062294451a7a581dc74178c7c5a1332","sha1":"c8e09f671561b72bdae9fd3cfeea799629430105","sha256":"c556ffdcc50d996a51234a1dec5ae85925ffa13c788b800be900dc5eb1344d79","sha512":"5b4bcb7d6530bfa8d33d4c769d0934938af4e7842a518556021ed900fad8a06bc39c2d35494586adf34e4d6fe19095b2d41c726b8214746527e04cec9e910594","ssdeep":"192:M/H3P83adOwGuABXfKOBPpzbo3j3rFuuV6:MP/83adOwWp0j3Buz","tlshash":"fbd1a8dc768070800be7e97f776f651ab06a58501c4fe491f003a9e83d6872ed63eac1","first_seen":"2025-09-26T11:10:49.483616Z","last_seen":"2025-10-14T12:32:44.197235Z","times_seen":1614,"resource_available":true,"data":null}},"time_used":663,"timings":{"blocked":283,"dns":4,"connect":94,"send":0,"wait":96,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/melody.dev.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/melody.dev.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: 
Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:52:46 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IlUhPCYYI4Qdo9UadY57oJpQN5Na77RS3MQY7AbzVOw%2BGw1AR86HDpYvo6suJcbDrjOTG7Frop9kAbKS3mrv4KS4DDKZIeEXf16HUx8QmLeQ\"}]}\r\ncf-ray: 989931eb080a0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7961,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line 
terminators","md5":"c3bde81760af5b3df4d0c56ba06a0fca","sha1":"ecf2f46def386ad8f62fad28edc36c8440f339cc","sha256":"c6f149f7dcbe38ff7b1391b1fab3462f06309f79df7bf9135ba1e75b13189af8","sha512":"7b8e060be27ba820f50b8905cabc32507f821d5dc8ca768cfcd26521ee90568fc5b4e43181f08b587eec7e6be5c201679a7cb1a8ce8fc3976a1159a4b423f95c","ssdeep":"192:EcGikGJsJfwbyN3DkPMnBE4c+mqa5F9iiN8lwwIJiN8lwwb:f4yyN3DuMnBjL+PL+u","tlshash":"d9f15498b39d679eccf63266553d9404cd3ec1328203c2687d3d61941ff8ec52a76aae","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.218986Z","times_seen":269,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:07:02 GMT","end":"Sat, 29 Nov 2025 00:07:01 
GMT"},"fingerprint":{"sha1":"AD:4F:15:9E:60:62:A7:16:BA:4B:37:64:C6:01:6B:2B:99:47:89:BE","sha256":"44:74:EA:98:35:48:9C:28:63:20:61:17:18:F6:2B:0A:57:68:36:F4:EF:B0:67:1E:C0:7C:41:30:13:2C:02:F1"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 78404973c397fbd77377b3e7f11f2337\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":247,"timings":{"blocked":114,"dns":45,"connect":23,"send":0,"wait":19,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=44","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=44 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:41 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, 
OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":31,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"54:09:EF:2E:96:03:5C:86:DF:F0:DA:AC:A6:7A:0D:35:49:4E:68:90","sha256":"0E:84:83:07:1D:C1:46:17:EB:EA:2F:15:CE:88:56:D2:FF:9E:AE:31:D2:C3:FC:DA:00:24:46:48:43:CD:11:1F"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, 
Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 05 Oct 2025 01:37:41 GMT\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"a90fc2bf15e304ef3fa4e7f75b6a8608","sha1":"0f8c2853b49a7c206d75af99117482d80a60f869","sha256":"6e10be4b6befecf6f3d1ae34b727939e6da334a1f2d815fd325ba9c455520772","sha512":"0d1a14e11c436dadf51cc489592867eaff3cae2c4a95748d2a25614c984560ad3588fb95e2aaafd4060d4954594951d09e71ab36e9859fb8590198811f156fc4","ssdeep":"384:pwf5wgwPwrwyUw/qY4+w4wYwpwfMw1wWw6wyhw/qY4XwNwtw4wfdwkwDw3wyQw/P:pc70afUQRptmJKBLfhQE8YTYHw+fQQVl","tlshash":"b472ed91041700009b835ce223cebf35fe5f92117141d0b9abfd9b6badcbc6652693ad","first_seen":"2025-09-08T23:24:40.129975Z","last_seen":"2025-11-18T23:33:55.863403Z","times_seen":3582,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:42.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: 
fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:57:53 GMT\r\nexpires: Fri, 02 Oct 2026 12:57:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 218389\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 
1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T00:31:06.921966Z","times_seen":713416,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/4c7efd486-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/4c7efd486-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 27260\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:40 GMT\r\nexpires: Mon, 01 Dec 2025 01:54:24 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N0OB1XBkkIJsnJ6jb%2Fz1%2B1dCpJh9BkPj0GQ%2B%2FJLrqs%2B%2F9w5Ae5ZIvp97xhf2elVEzLVwt9PMxDTro7rKlWcwUcclk1H%2BsDjJ0X15suPeTvCl\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eafffd0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":27260,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"164a06ec155638dafbefd819e08bf0fa","sha1":"7cf7a14fed9c64db34208c9c5caa27d4c8545a2d","sha256":"975e7eb902f98f6c862008ff327335ff53d4b554e32d58c6740516d60b5984db","sha512":"7286d80b0f05a84968fd3eb58b9bc104a702f6cab96db1889a9d66c391094cbc96acf9029019c5079455924df49fc291fd52bda7103d080641aaaa0efb1bdaa8","ssdeep":"384:URFW2ogZJHcfnkoC3+fHCSGTgnW1xozX9RrPyRsYBzZb8JKH3uY6EaPTGps:UDNJHPd+fiJMW1yzzmXZb1HEhG6","tlshash":"18c2e1be69c179fe5835a5a7109dd483d06e4efb732d155a8c730f92d63e01a3422638","first_seen":"2025-10-05T01:38:06.609484Z","last_seen":"2025-10-05T01:38:06.609484Z","times_seen":1,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/4a4ea4957-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/4a4ea4957-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 15600\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 
2025 08:57:42 GMT\r\nexpires: Thu, 27 Nov 2025 14:39:38 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 31101\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EHFqnu9XpfRMe%2FUf5FQAanic7x3L2PNzC%2BarJhoNs1kWnvJHgW8B2JdR3xKhgHIA0w8GdksIIoFuFwAQx9iM1aa1hD1W57qlaixG7q63eZfv\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eaf8030731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15600,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"8b55c39dc5f3dab647184c013d23365a","sha1":"e0c35c6594559aed7a653b7d300b56cf67500c0b","sha256":"1029ecc4fe4bf818925bd209dce369ed6d910e33d815454d02be9a644543e4d5","sha512":"00a4d4b6c5dcf123df2db60d121c34f3c28f6faeacd2989f448b614131ca886a42074d1c9934d8fb1e66bad6ad67f9061a908aab44b419569fb993a54a7ba1c4","ssdeep":"384:QZmDQRq9YkUAlFmVRvBS5s+U8t8k7KQUWUCPt:JDHYkUeovBS5ntB7KQUMl","tlshash":"a062bff60d4465a13a951868913ca2b175fa3a3fa61e3c376eb41e91ec6c4c428e44f3","first_seen":"2025-10-05T01:38:06.610746Z","last_seen":"2025-10-05T01:38:06.610746Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/js/melody.dev.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /js/melody.dev.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: DENY\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Sat, 04 Oct 2025 02:45:22 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 1048224\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eBqo%2B%2BA6iujVP%2F4IwqfU52F1ruTtIrlsZ66LtO7v3lLfN4SNg4AwKjq8G7VIkVHReoXCj%2BsqeJ1%2F63z6dA5lXqlzv8ogtMs4KgFVPYJvO9e1\"}]}\r\ncf-ray: 989931eb08090731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23108,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"e238acf58475d3cdb95d614582134b24","sha1":"b13c1da1f5254cb14f4f187bd5174ed0feb08a23","sha256":"f3a4cbf3a8090b121a0d6d6dd8feda9f92831cdb5a070a7eb9ef58234c1f4eab","sha512":"7209c4cb8692e5a1fce4c6bad8081361c857d45b179b935a7291b0682c514409584e10b29bb56905dafd5d3dc8831d82c78cf9895c7b59ac2239552f6abf1f2b","ssdeep":"384:krC7SV8zve0Nfenff87NLRld9gTSOW6VUH:krC7+860lRLRGTdK","tlshash":"f5a25405f2ed1e6600b334360cafa4853a3c99b798048d59fd5d21e85f6cb7ca972f4a","first_seen":"2023-03-07T12:12:06Z","last_seen":"2026-03-29T20:18:02.23372Z","times_seen":492,"resource_available":true,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jasny-bootstrap.min.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/jasny-bootstrap.min.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:43:49 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eCofuNGeJeRYpYVoNyLMAcW9gxo3Yfyqgel%2Bw6%2F36evT9yK9aVKKkCBmQMeA8EdjermbQ6GMN%2FCy4YTFz8FeorYL2PwCwy0nBgDwGJ8W5sjg\"}]}\r\ncf-ray: 989931eb080b0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":20042,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(343)","md5":"f6b6e524d29d54ada53e4172b9d91cf7","sha1":"427153c7a2d83d2ca800e397779f29b857801ad2","sha256":"e7ad856551c720cb7c6a24a8bf4a9d6b6b24c24f07109cde96366338e53a4ff8","sha512":"13c01f28dd38a2b10ce27bc4dc60d510b2067e408ba1c0a26b0eb7fd39dd4300265278d529925e56d40bdc06a32d024558ca10a20d1ced6c186cc9ac263cc36d","ssdeep":"384:rKLCtf00Rd7HyeSOjjWhuU4AHL6JLeUxVM1MJsisNV+bocACk3N7K1nj:rbR00DHyNOjKhuVAWLxA1MJsisNV+boo","tlshash":"4e92664579b0225903ffa17601db4749f336eb28984a411cb4789ad76e39d0a72bbf3c","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.152883Z","times_seen":582,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/jasny-bootstrap.min.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/jasny-bootstrap.min.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 21:12:53 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pejerwg%2Fgbockdflbwi4nNnLfrt68UO9w%2FF5oiwOL9Qw37LnjEaTAAAknmT6A46NlbisRfUW1S42K2%2FfwrE98twFAsgpnFQxb1%2BfUmsZ4hab\"}]}\r\ncf-ray: 989931eafff30731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14003,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13803), with CRLF line terminators","md5":"56a224ccaaf1ad3df6ee7dbbc019aeac","sha1":"2ce1ef76b342a8fafda1e03a62b99be5340812bf","sha256":"777a9e5bb5d35fd671e5b252c67a0cf462baa8258db145ef6ea7dadf4de4b481","sha512":"5d4aabc83a5c849c66b818d21dc630da87df200b5fb0cee8f6209f7dfad5982136e2030f7d9fd9bc644a30b5689498aa40b42274ff8880a09f78d3209d64a30e","ssdeep":"96:4jVRNThJA9SfqYUV3KSIu97RC1dCVHvQroKSccwHF964Uv8zc2aHn51P/CtEDBW6:Q3uSfZDHu97RC1QVHvKDUv8zc2adB97P","tlshash":"ec52bdd17ca47a8a9e13820f90d5d6f0db1218519d982ab7f1b333895d0b78d82f9f2d","first_seen":"2023-04-07T18:47:56Z","last_seen":"2026-03-29T20:18:02.133771Z","times_seen":415,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/0eb53db2d-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/0eb53db2d-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 17012\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 
2025 08:57:42 GMT\r\nexpires: Sun, 30 Nov 2025 05:48:44 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AukiASBNIZ6mwsXSPgumUAi5JTZfyKUWb1to0koGAyisESQ1lQ8T%2Fo9jgHnAyXuYh1AZiSNosgeAms2XBPQoi063QW%2Bb5XNO88mW3tlHAuqT\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eaf8010731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":17012,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"ed82cc31f2302fde00bb90c216ba6973","sha1":"630111ae85a3f471f60ad52fc2f40220ec3d5dbb","sha256":"0fa29630b0dc71463aedd423a7b1b6b54c8d00724c7f1e5fb5d3525d79edca39","sha512":"9ba284d1756c377ac6c899097fc3f25cda249eb32db3d5e00373d05544cbe5de1d8460e1eb87dae80de241f39349aa9947b65e4f234698ad9bf53d1ec84caec7","ssdeep":"384:/IMUZXHLO6CoftTrmKapuywGIEsNI66LlbVl/XcfNfSa/:hMXLgQTrnapuEITEB5VM1aa/","tlshash":"8f72d1eb733fee7295162f0626dc905a1d60d8d1ab27bf291828417cd3a360d7e5d1e0","first_seen":"2025-10-05T01:38:06.620714Z","last_seen":"2025-10-05T01:38:06.620714Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-T9LGLZQTB5","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 
GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /gtag/js?id=G-T9LGLZQTB5 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\nexpires: Sun, 05 Oct 2025 01:37:39 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 140732\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":422414,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines 
(6031)","md5":"d6bdca7719f93e5c4923a5ad8f431c12","sha1":"998b8695b52fd31188e2d68d5d5d3cae0c5f0067","sha256":"cc1e5b6102e00e436050abd2bfdabf4dd176bd2588b41b0be4d6d8c018e98173","sha512":"67ce43592ac81aecdfd0ee483a485b73cef82fc3c5719b07ff9dbfed70190d2f7e98745af9702a9e471545d34a0493f2da6df8c5b055d83c47e4d6cf4eed73db","ssdeep":"6144:ABzZTP5DyYvRC1cZwtgk6dSLd6gZg1X+6RVt:O9bdtvIcZwhGt","tlshash":"14941ace73d674665396e478903f018ba5bb28a2f44cc899f189cce42d74a9a4137f7c","first_seen":"2025-10-05T01:38:06.621925Z","last_seen":"2025-10-05T01:38:06.621925Z","times_seen":1,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":93,"dns":2,"connect":9,"send":0,"wait":33,"receive":38,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.js\u0026eid=3\u0026h=Ag\u0026tr=1gct\u0026ti=1gct\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 
GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.js\u0026eid=3\u0026h=Ag\u0026tr=1gct\u0026ti=1gct\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; 
ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icon.dt.bmndx.com/v2/846/e1ca1b11-a18b-11f0-b968-3cecefb20485/1/ic","fqdn":"icon.dt.bmndx.com","domain":"bmndx.com","tld":"com"},"ip":{"addr":"138.199.37.230","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"icon.dt.bmndx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 00:12:36 GMT","end":"Thu, 27 Nov 2025 00:12:35 GMT"},"fingerprint":{"sha1":"9A:25:B4:19:00:80:B1:57:2B:CC:6C:0C:10:6F:77:E6:30:3B:8D:4D","sha256":"11:A7:F7:84:06:37:39:04:E0:4B:FE:8B:56:E9:63:5C:10:AA:06:7D:73:6E:04:86:7A:E7:61:B4:30:32:84:DB"}}},"request":{"raw":"GET /v2/846/e1ca1b11-a18b-11f0-b968-3cecefb20485/1/ic HTTP/1.1\r\nHost: icon.dt.bmndx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 
10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 05 Oct 2025 01:37:47 GMT\r\ncontent-length: 0\r\nlocation: https://cdn4.mndx1.com/icon_10808164952683908_71.png\r\nserver: BunnyCDN-DE1-864\r\ncdn-pullzone: 1365464\r\ncdn-uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291\r\ncdn-requestcountrycode: NO\r\ncache-control: no-store, must-revalidate, no-cache, max-age=0\r\npragma: no-cache\r\ncdn-proxyver: 1.37\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 302\r\ncdn-cachedat: 10/05/2025 01:37:47\r\ncdn-edgestorageid: 1053\r\ncdn-requestid: 096c4013c89e2ac6f8519e4d51569d6d\r\ncdn-cache: MISS\r\ncdn-status: 302\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":14673,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":10545,"timings":{"blocked":5207,"dns":5145,"connect":30,"send":0,"wait":130,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/cinema/default/us/all/close-rtb/v2/img/close.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 
GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/cinema/default/us/all/close-rtb/v2/img/close.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 4022\r\nlast-modified: Fri, 19 Jan 2024 14:20:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa8537-fb6\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 934083\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7Bu7lIrYPK1wuc4QccG2v2DbAumm6T8kMqvHoRZCTKxbo3PUsFw1dmWN2IRWL8C41rpAN%2F2dsz7KYegRn78aWWxvF2PeH8vGhhNuevmdOic%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 989931fcf89935a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4022,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit gray+alpha, non-interlaced","md5":"23e9690b0e7ac26868363a6248f44467","sha1":"d7ad0eae64e0c1e65b12eda0aa9d2b91996dd64f","sha256":"f362c67320d739ccf3bea21f857b9620075bd20ceacda8c51261b9612fe28395","sha512":"d5a8801b98aec11957fb8dc20b1595f1f47504d528bd89833b407ee71e715a57387e9762e3ef7f9d7ebcc87596737f9bddecab21c7ba3f456c8f3b111e025170","ssdeep":"","tlshash":"d981193882564c7cca0a77a10501f861e21f386cf97fb4678873a4d8430e2abe75f17a","first_seen":"2023-04-05T23:50:36Z","last_seen":"2026-01-22T21:58:37.433134Z","times_seen":2452,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn4.mndx1.com/icon_10808164952683908_71.png","fqdn":"cdn4.mndx1.com","domain":"mndx1.com","tld":"com"},"ip":{"addr":"138.199.37.229","port":443,"asn":60068,"as":"Datacamp 
Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:47.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn4.mndx1.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 24 Aug 2025 20:09:53 GMT","end":"Sat, 22 Nov 2025 20:09:52 GMT"},"fingerprint":{"sha1":"41:B1:B8:7C:FC:26:FD:00:1B:6C:9C:07:E4:BD:85:A7:66:4E:67:5E","sha256":"0F:BE:EC:B3:7F:1D:68:24:65:8D:1F:0D:86:A2:7D:68:9F:19:41:2E:9A:0B:CB:21:F7:59:98:1A:50:7B:32:49"}}},"request":{"raw":"GET /icon_10808164952683908_71.png HTTP/1.1\r\nHost: cdn4.mndx1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 14673\r\nserver: BunnyCDN-DE1-865\r\ncdn-pullzone: 1050139\r\ncdn-uid: 5ceed8e7-cd08-4fa9-9fd5-2c309512d291\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=3600\r\nlast-modified: Tue, 25 Feb 2025 11:17:53 GMT\r\nx-rgw-object-type: Normal\r\nx-cache-status: MISS, MISS\r\ncdn-proxyver: 1.19\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 206\r\ncdn-cachedat: 02/25/2025 11:22:23\r\ncdn-edgestorageid: 1075\r\ncdn-requestid: d25b9eff59f8bf9810ec765360e3f73f\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 
0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":14673,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"39d372f27674eabae0ad43b725ca9323","sha1":"f869722c4585a45f3f93ee68930b1f9cd258e229","sha256":"9e6a587df07b0450b3cea5ee626df3bf344572db6be288116ab57e6ad70e0d0d","sha512":"1a66765d79e137a9cfd3b53da20967096b08c28700d8d04574df588258c62b85ad6306413986a3681bf483764d7b08a0c3aef800f763a9a4ee11cfdaba4de02f","ssdeep":"384:xYGFp8KWHoLIiv1M8MllbRKd06+W23Q/dHj3SaR:yG/ZB69RK/ZdHTv","tlshash":"e262c1a9b4173ec1d4ac44efd9a59648ebf1c720e1124af30623798e6d51fc35984ed4","first_seen":"2025-02-14T01:16:10.627252Z","last_seen":"2025-10-07T03:49:32.1931Z","times_seen":95,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":64,"dns":3,"connect":29,"send":0,"wait":29,"receive":28,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/animate.min.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 
2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/animate.min.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 21:12:53 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EA162jvW2gxmnoRmIujurIeNX8tg4Uig1MwW2xfGyK8gr85W6prK9rkEFeOqvkpn1x%2BNZK67Vf48OdvGw%2BI8esAmqzcYnUC0fcV%2FInFMx0Ze\"}]}\r\ncf-ray: 989931eafff50731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57990,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (319)","md5":"3d0a26b7c254da8c0d297e753ff23f65","sha1":"877d0bcad6716a05066d9b6dab07e264f631a5f0","sha256":"f1f0041c0c62f37ee475d174370f574a62afd842055e79a86dc4c722532de6bb","sha512":"cd0a8d03e95d1cc8cc7f9ea733b1ed7d6eaff7cc36baccbeee492b11e91aa10c165e43ac33f0e29990e5dcf7826a4b49b0b0409114da5b4822a4a5f7fb37d594","ssdeep":"768:dkZFpVIBIEwQ1oAhkIDz3gy65VraeX0UTGsXsV:dkZUwQ1oAhkIDz3gy65VraeX0UTS","tlshash":"b74346ae5891238a91674fa2c3dd5e64473dc67314621cee3381684b8f87f9e33da247","first_seen":"2023-04-07T18:47:56Z","last_seen":"2026-03-29T20:18:02.188656Z","times_seen":367,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/ed16cf6cd-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/ed16cf6cd-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25056\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 
2025 08:57:41 GMT\r\nexpires: Thu, 27 Nov 2025 14:39:38 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 10842\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=58RbT6iUW5t1xp3p4v3CuGlnC01h4KZSJbS2OMnG%2Bwyo403Zv51L91AqdSdI2PYOls5PmM%2FbpOdkB7nUuFEYarGHilnSrtpKKsbD%2B8NT%2By%2FO\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eaf8000731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":25056,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"ca9c8f57245b84146fdc96bc7d2079be","sha1":"e83a1490ee1c49262bf7d80e9634b3a320d0d9c7","sha256":"971a68f9bde86ede58ac6b3210801cade091a24ed5547192b2853f97ef665c92","sha512":"1e575c10709e37776e0c5918733a24a18e27b1df1d3eebfcb5132a36a61f0b9c4bcb4c83389169a9d8b7ffb7309f8b244bb876b555af4b0edac8cedb57ec063b","ssdeep":"768:vHpb82i0jzVVeGX8NrEynpMSYaE95BaOZt5l:Rb82BpVSfpMSc5g25l","tlshash":"92b2e06ee1f9a8352e0960db96e14234e5ca5c9d4c2ef20f85e27d32804fbd87b44067","first_seen":"2025-10-05T01:38:06.625411Z","last_seen":"2025-10-05T01:38:06.625411Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"netdna.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js","fqdn":"netdna.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.11.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 09 Sep 2025 03:23:24 GMT","end":"Mon, 08 Dec 2025 04:23:14 
GMT"},"fingerprint":{"sha1":"2D:94:96:D6:08:54:E8:A2:4A:A9:D7:90:E4:75:91:6B:AC:CB:AA:24","sha256":"24:50:0C:86:73:A4:E6:6C:AD:20:57:80:86:4E:19:B1:E9:76:7F:2A:BE:CC:E9:75:B2:07:67:62:FA:9B:E7:8D"}}},"request":{"raw":"GET /bootstrap/3.2.0/js/bootstrap.min.js HTTP/1.1\r\nHost: netdna.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncf-ray: 989931eb5990b4f9-OSL\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"abda843684d022f3bc22bc83927fe05f\"\r\nlast-modified: Mon, 25 Jan 2021 22:03:57 GMT\r\ncdn-cachedat: 04/15/2025 20:24:26\r\ncdn-proxyver: 1.23\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1055\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 2fa5e87e316d7b7ab6b76631d1291de7\r\ncdn-cache: HIT\r\ncf-cache-status: HIT\r\nage: 763667\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing 
content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31819,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31650)","md5":"abda843684d022f3bc22bc83927fe05f","sha1":"26908395e7a9a4eab607d80aa50a81d65f3017cb","sha256":"24cc29533598f962823c4229bc280487646a27a42a95257c31de1b9b18f3710f","sha512":"3f1b46e9ea0fb6be507605a2783af406c6b4f885dedaa4401bff204b0fe9056656717411021594e2512e98a4e398e3238267a7deafeba1b57e443decab0477ea","ssdeep":"768:xoBFw1wl+WRydWDRQgn8WI0fBQLrX84XCqc:SAr2MRCqc","tlshash":"43e28446b23031a107dfb2e5515f020b723a6a6de906907c38b999f53db9c48727bf39","first_seen":"2023-03-07T01:03:23Z","last_seen":"2026-04-03T22:59:32.303753Z","times_seen":7131,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":46,"dns":1,"connect":2,"send":0,"wait":10,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/cd6278cfd-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","p
rotocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/cd6278cfd-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 24952\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:41 GMT\r\nexpires: Thu, 27 Nov 2025 14:40:35 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 213739\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HCEazLTAc8FnT%2F38k49Ldt%2Bk%2BIMr0hbBqd7oAwBZHgB6yOy%2FtRq%2FjAGbvD6xR8t1cLeOQueir9vz3pGtvKUJnDitbawscglFTq84DdY9p8eI\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931ebf8180731-OSL\r\nalt-svc: 
h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24952,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2d9ec1f8291d278412a8672fd1fdb5e4","sha1":"876f1fd0903c53645748903ba70ba36a649d590f","sha256":"fd10b30e507d14b30e15a1261c94559ceb367487d4cab0e1b2ac91d2eddf3871","sha512":"dff8ff7f0fb224fd039244372e6b10f619fb8911cd5e6cbe50a685a35e99e3015ef52baa86a323276a3c7f43e1b9f54d5b3afdc7bd54e541f73c1620f3411bc3","ssdeep":"768:XfoNNImM6fkeOiryM8CiDxm6nZrQdXR6LEeBCf:SGmMbaFHOx3ydB6Y","tlshash":"17b2e10466d3c779857024080ea47feec6e30084e58f0099e3812a516aaacfffdf1977","first_seen":"2025-10-05T01:38:06.628035Z","last_seen":"2025-10-05T01:38:06.628035Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtag.config\u0026eid=9\u0026u=AAAAAAAAAAAAAIA\u0026h=Ag\u0026epr=1G.2G\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtag.config\u0026eid=9\u0026u=AAAAAAAAAAAAAIA\u0026h=Ag\u0026epr=1G.2G\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/46/6c/21/466c21c39eb224635d18fb77ada6bdb4.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /46/6c/21/466c21c39eb224635d18fb77ada6bdb4.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29957\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 05a7aca3ddf26ec6aeecc858448e3301\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":76323,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"1f4d891ae052ed0c23287739f3432936","sha1":"8c0e958eb6f96d09c854eed6fa7d321bae790dfe","sha256":"29434a789baf4c6ff95014cec874989c7b38f5a53f8b3ff754e70d02d1c7a93a","sha512":"881e460307a6d8360e45b0298708eb0545021e3848168b223d200432ee05be419aac4576dcd3345a725a8ea9a45088fe3cba6948b32a7b868aa0dadbe13e8f45","ssdeep":"768:cpCxicwKzukjCm/hYE4JoYC3ouzBcXInwrHpSFXcdDqxv1l2qo0uw7T3SPGw6uXT:cppUCQ37XwT0Rcd+9keSPjzeE","tlshash":"ff73fa4c3f95f1ac43a26073222f941bf12a1d51b46cf8c8d253e8bc6eb9769b536b14","first_seen":"2025-10-05T01:38:06.629463Z","last_seen":"2025-10-05T01:38:06.629463Z","times_seen":1,"resource_available":true,"data":null}},"time_used":754,"timings":{"blocked":282,"dns":3,"connect":94,"send":0,"wait":98,"receive":91,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/img/favicon-16x16.png","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/img/favicon-16x16.png HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259; cf_clearance=5Y9tmqxbIg89qvN8Pa5ju9.tuoYoOyqi7YB9Q5bDxTU-1759628259-1.2.1.1-8AHebz52l_CD6cPPw6cPzJmSBIToBxMXZcwEwrqeZlaNjaeGsmpxF_E7Q6LuW8PlcxMWvYRUleUsu7juoxJaXVFDygKY_4NZ1735GCCeaDyvJu7GpC6z7Ne5qwWWQ_yxBCtyPOZmBrzv_PN_Ta2wRgGWbIKDlrJfbU9CpsaGtlaH5kHB_vRpig4djVsCHV1MbiG_HVTVevpQXm7iKBljF1cMBGMzCrqNgDHYJs.Zeo8; 
dom3ic8zudi28v8lr6fgphwffqoz0j6c=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 948\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Thu, 27 Nov 2025 21:12:54 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 466689\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oFGG9UjglPur%2BS7C7STbMG1M4Lv53yFGH2eOFWINZeODGoi2dvibQX7dlVz8AC7o5OibwMI%2FXBmIPpcE9fHPNEwZP56Y4JwRpRIvdnHM6ViK\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931f1184d0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":948,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, 
non-interlaced","md5":"6eaedb10d98855d4d441499dae2e241b","sha1":"933d3d4009b8f5a00188124d543f07528eb4584d","sha256":"cebb5b5b81950b80ed8504627cd3733cf3f0e55cfd6ee2d5275069357ed11a7d","sha512":"f3d76c21aa3e5a6a9b0fa785184100796c622b2b0ebce7f57d6d2adedfee9e43b20e5b1f805e5e3944f2bcaec75067b06b0c18c6863853a842deede7e1066845","ssdeep":"","tlshash":"bc1184c79771ffb8d8c9493ac2888250fd3096072e728255fb0aa2451a287551468f88","first_seen":"2023-05-17T19:06:56Z","last_seen":"2026-03-23T23:41:29.208041Z","times_seen":65,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 
GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bd76927d348d292096f4fe246ee3edac\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web 
servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/60f1cdfc3-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/60f1cdfc3-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 21484\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:42 GMT\r\nexpires: Thu, 27 Nov 2025 14:39:38 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 218858\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6OpVhDNSOLfm3gbOINYqsEsNhtcyPjqJe5Ty9v4Vs9cSYGL6hozj241qPWbbqhouEB5ikuh25o9yX4HCmn%2FllDa%2BWSRDaJ%2FoWOxlBH%2BuxOSi\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eafffb0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21484,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"ccc9cc2d7e3c85af050c23ee19ebbd44","sha1":"1f386bdfd3fd166e262edaed05223b24bf2084da","sha256":"7b987bf7f10d471934378b82a58ec9236ed246ab5a20f9cceca39808598b46a9","sha512":"5dc018729f9d8da05cfb3c0ea4521746e9ad2eb30ace618e34bb6dceb62499f435776ad56881803ec38139d61d65f11ebbe6564e29c2e0c5531f0575c91ff282","ssdeep":"384:I4WWoJ4VlCLJkWYTdxjsc1DaFu9JzVMka7oiyf9K3IhK/a8rTHG4bb:mwlC+ddhsc1DaFuLzVd5d/hK/ztbb","tlshash":"21a2e1e8cd3463de89cf65b1af775ccfc8076be3436e91160bbe309095d59942412865","first_seen":"2025-10-05T01:38:06.632421Z","last_seen":"2025-10-05T01:38:06.632421Z","times_seen":1,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/aclib.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 21:39:20 GMT","end":"Sun, 07 Dec 2025 22:39:07 
GMT"},"fingerprint":{"sha1":"97:5E:85:70:5C:6F:7D:F5:DB:22:A2:2D:88:C5:E3:69:E8:15:5A:F4","sha256":"AE:9E:71:84:C0:24:A8:E6:55:FE:84:6C:3B:AA:4F:74:9F:76:47:83:B6:3D:D6:4D:0A:0A:74:54:1D:14:B3:EE"}}},"request":{"raw":"GET /script/aclib.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nvary: accept-encoding\r\nx-guploader-uploadid: AAwnv3Lx0UPOfVlXIWKvF30sGqvNgjW7QEQdN-31binHRLhoCsa4H3HP7xh909pzS9LxOTKc\r\nx-goog-generation: 1757575542484354\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 146805\r\nx-goog-hash: crc32c=awnbLw==, md5=2oIZShg2hs+Nc5koDKGoKg==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\nexpires: Sun, 05 Oct 2025 02:37:39 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Thu, 11 Sep 2025 07:25:42 GMT\r\nage: 1261\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\netag: W/\"da82194a183686cf8d7399280ca1a82a\"\r\ncontent-encoding: gzip\r\ncf-ray: 989931eb58a0c759-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":146805,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65499), with no line terminators","md5":"da82194a183686cf8d7399280ca1a82a","sha1":"a17b2662e49c8d8e47701735ef1e6acf9f5fff07","sha256":"3cb42a90fd07560b095613a310becac597581e2f0b9ab54dde764802be0609cc","sha512":"92e73fcf130ed28ede95ad1f78b28264b1a152b7a07e836a858d116639d7e3b0429449e833d56f5b5582a6ba35965f3be796ace256b9eea649a0ca2f8edfb69d","ssdeep":"3072:G068+RhI8FvQeXO0AFQM4MmMnTQXvS1kKeq/h:B6phN1DF/SW4h","tlshash":"5ee3e849bad2b0f867e261e4942f9646e1371624740e98d5f6fac5d1a879ecf0033e3c","first_seen":"2025-09-11T10:47:57.345998Z","last_seen":"2025-10-21T05:38:51.00741Z","times_seen":595,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":48,"dns":0,"connect":2,"send":0,"wait":5,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/custom2.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/custom2.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: 
text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:39:24 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SedvGdvQN67RFD9im%2F6dap%2BL%2BKjUxi0ID70gQR%2F9RW%2FSggGhHoFKQWla0kDaFoFpe5BDkTT7j31%2BKOZDnFYfDPl7CQThvX9sOav7wH4cRed3\"}]}\r\ncf-ray: 989931eafff80731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":45085,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6166), with CRLF line 
terminators","md5":"9d39ef3473d52eeccad9c68db39e4f3e","sha1":"7dcac53bb2cbf2cf5ab814a005b30a858fc283fb","sha256":"b22e4dc6a540087670c793269674fd4305b9fddcc32718c552237f5ab7961641","sha512":"4ade249f2795409e3e6c3c3918c5f07a666bfd928b01e2d3b00606b97be38004a368202af214084d42d2ab6f8841410657c1e747ffc2b55f4ae7635679a1d1c8","ssdeep":"384:nr14/YCz/XsYztAY15DwJ9txoX4jRmdjRmBjRuBQVsvQsgOntjV86L+v:ragG/XsYzOYc9uvr1tjV8Pv","tlshash":"bf13caa5ea15154a7137d6a5aba207c8df2c0083eb03067dfba573208fbe4984572fcd","first_seen":"2025-07-13T23:17:02.907047Z","last_seen":"2026-01-09T03:24:48.942948Z","times_seen":12,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/de962111a-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/de962111a-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 21596\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:42 GMT\r\nexpires: Thu, 27 Nov 2025 14:39:38 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SXouFZh4Vix7qyH39REwCmpUvQXTRubDvnhMpamst8gpRY3jwInnHBJKJoCq%2Fv7zpUHJMoymJpP7f45GCB%2FHQ2xKchsfc84zVGhfXXquwz%2Fs\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eaf8040731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS 
mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":21596,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"84d37a3a86a412e7373f955856f2d12d","sha1":"903740d6f5c6847e360ede7b50a127fd29f3b1d6","sha256":"4dbda609c72a302a15c06ae0072f83cf8c1cfba96625d606c66e7589eccd9194","sha512":"bc704af73612517482007e93985161bc3706aaba9472ba1096308be4949f835fa3fe13a9296ef55084fc06dd8905a344fe85cd0bf86c5a65770f9eb021380abf","ssdeep":"384:bIXY4xuXcXKBO5Ko4OxMYOhT6mEC4fWv+KJ6xO24SuYJTMaWqPu2DCmR5yM:bIXY4gXcDdVCvR6C4s+g6FrW72DJr","tlshash":"c8a2e1df0b276943d81ea19cd438c661165fe1af09c353fea248f4ca79d06e1ae37491","first_seen":"2025-10-05T01:38:06.634602Z","last_seen":"2025-10-05T01:38:06.634602Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pl26380627.revenuecpmgate.com/aa/17/78/aa177888545d5fcb5c8d39ba3f934f3c.js","fqdn":"pl26380627.revenuecpmgate.com","domain":"revenuecpmgate.com","tld":"com"},"ip":{"addr":"192.243.59.13","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"revenuecpmgate.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 10:31:51 GMT","end":"Thu, 27 Nov 2025 10:31:50 GMT"},"fingerprint":{"sha1":"9B:93:AB:0D:BE:A3:40:A9:58:BE:A3:A6:F2:18:92:29:E2:1A:7C:32","sha256":"3D:E6:EC:90:1B:27:54:04:90:26:18:BF:8B:27:48:04:F0:C5:14:27:1A:9A:E4:4E:F5:34:6A:12:D9:06:9D:41"}}},"request":{"raw":"GET /aa/17/78/aa177888545d5fcb5c8d39ba3f934f3c.js HTTP/1.1\r\nHost: pl26380627.revenuecpmgate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 05 Oct 2025 01:37:39 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 35784\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA 
PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-1183=0; expires=Sun, 05 Oct 2025 01:37:39 GMT; secure; SameSite=None\r\nHost: pl26380627.revenuecpmgate.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 05f4cdeff4d9a4da0c3380cea5ca9391\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98060,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"77df9acba35a09a094a78b5ba358018d","sha1":"d84445b74c4ccc24efee59a132a0d928e54c00fd","sha256":"2bebb8e4542979ea109d32562aa67a5a7b67346282cae60d77d8adf1e3230285","sha512":"b02d4122993cb48ee83580f0da0a8a224a38509fd9d33c486c16493885bbc4f6071a7b7b057dbfcf3e4b7d8ce0c29ddeac3d7073599a4d08606726eca4aacb90","ssdeep":"1536:lzxl+xx+nfI+ieOOoJm+h1eE6eunK1lz2N9QeK22udmm2gYpDkUeDCoxbp3pkcXE:MxIoJSnxKHWYV","tlshash":"f3a3e9983b50f0bc02a674f9362f7906e064ce6160ccd668d507fca86b7975bf439e29","first_seen":"2025-10-05T01:38:06.635703Z","last_seen":"2025-10-05T01:38:06.635703Z","times_seen":1,"resource_available":true,"data":null}},"time_used":778,"timings":{"blocked":290,"dns":28,"connect":91,"send":0,"wait":93,"receive":91,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"pl26380627.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/cinema/default/us/all/close-rtb/v2/img/number.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/cinema/default/us/all/close-rtb/v2/img/number.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 1138\r\nlast-modified: Fri, 19 Jan 2024 14:20:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"65aa8537-472\"\r\nexpires: 
Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 901113\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X4YWngVLLJ682Yz2ErEKuoqNzSqLfQR3eXDgbq7TD2SYtaQ055Q6WLEmX%2BD2y3PWZH6hL9wcvPQv1XqO5RFbGoWS23RILVz5nJoizOqRsCM%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 989931fcf89a35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1138,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 43 x 43, 8-bit/color RGBA, 
non-interlaced","md5":"9e4414e85c588bf7db195e49c02ab2bb","sha1":"09254e79b255f1b2dfe45adbbe44583a4b433782","sha256":"0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762","sha512":"07925dc4d8f6cc1b9b89d26f2c3a6aa3175279719a0999fd837a20e8b12f443eb521e23b3212227ac1b6dfa2ecfcdd94b7494dd67d9d8b046efdddd185bb9bfc","ssdeep":"","tlshash":"a121f90aeca21be0d7888f0214dc135095da07447f8e280a37b6aa599e1070614451fb","first_seen":"2023-04-09T12:43:14Z","last_seen":"2026-04-03T19:33:07.090963Z","times_seen":2427,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/watch.php?vid=c43d4f848","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-05T01:37:38.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust 
Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /watch.php?vid=c43d4f848 HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:38 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=65ZhxMd3EvoiFK6oCnoo5HG4QUDera1HbKMrpPZc57n6caE49j37DvpaPeV2U7neOe3UjWvW14%2FLgKxL5mkJVOcsnO%2B7%2Fje6UhhFHEa3Hof8\"}]}\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=7,cfOrigin;dur=174\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; Path=/\r\ncf-ray: 989931e96d97dfec-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:1.11.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"BootstrapCDN:3.2.0","description":"BootstrapCDN is a powerful and reliable Content Delivery Network (CDN) that delivers static resources, including CSS, JavaScript, and font files, for the widely-used Bootstrap framework. By leveraging multiple server locations worldwide, BootstrapCDN accelerates website loading times, ensuring a smooth and visually appealing user experience. Additionally, it ensures website compatibility with various devices and browsers. The service reduces bandwidth usage and server load, improving web performance for developers and end-users alike.","website":"https://www.bootstrapcdn.com/","common_platform_enumeration":"","icon":"BootstrapCDN.png","categories":["CDN"]},{"name":"Bootstrap:3.2.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery Migrate:1.2.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it in your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]}],"data":{"size":149444,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9128)","md5":"2d055379b7e6888a0624f2f8823a433c","sha1":"c39c2a303d63c2392a15cfcca0b1de167b8a2c12","sha256":"3069aff7b50f97e10dff1f044694ffa1dbd072ac53ee9e0b100ca96e1c24d659","sha512":"509b4aef603f776c0e4ad5103e788de4ebf4683f798a697db02b6da8d67f0fa0b249a392ef4b01dc46f602865e620fcc9ea0d312d24f4ef1c1d7b6804201fd3d","ssdeep":"1536:RhNAiYq6jVDmKK9GYnvwde4spATi0AWzAtk0keAAoM2iL4MtMx/30:qiBMGpATi0AWzAtkeoort6E","tlshash":"c6e3f6a7aa1c4d3b025790d4a4267f0ca16ffd33da03cc81f2ff495917d2da2926b196","first_seen":"2025-10-05T01:38:06.637412Z","last_seen":"2025-10-05T01:38:06.637412Z","times_seen":1,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":10,"dns":0,"connect":2,"send":0,"wait":188,"receive":0,"ssl":7},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear 
Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/7eb536425-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/7eb536425-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 
16162\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:41 GMT\r\nexpires: Thu, 27 Nov 2025 19:02:05 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 542133\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Yxo24BX%2BZpNNWrLOXGIcWQ7fArSfcIxKRqoakCeOePqrLwtjHzAQm1cLfLf7ygJrejhyBd8cvDrkB7iYmSair3sc7HTPoECy0ytxima%2BAYe3\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eafffc0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":16162,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"0efceee2e89faede1de625708be12731","sha1":"d615f46374fef6b16be6bd11ac1087fa4d2e4c86","sha256":"c71beb8a221b53bf6c9417dcdaa8c4900e013e85f9e37c2688ac3741ee3ebd1d","sha512":"524c714713b30274831e2f397b79e55f130ad914a798d08f50e47d247744c3e2cbd5b0e5b8b6e52db04428df7db06addea6bc1b534cebabf50cbec022e4d7653","ssdeep":"384:3F1fBwyclQy1LWZhgfrnF+2QH0BKCcaoaQEGgwTTWb/bSdx:3F11o51L6hsCHKvcaoavOCUx","tlshash":"a672d0dab35484eecf94d73a1c33e13d96b932d4d91ede4922393e0808fc8b054a5593","first_seen":"2025-10-05T01:38:06.638547Z","last_seen":"2025-10-05T01:38:06.638547Z","times_seen":1,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 24 Aug 2025 02:39:12 GMT","end":"Sat, 22 Nov 2025 03:39:06 
GMT"},"fingerprint":{"sha1":"B4:6C:D2:16:CA:52:EE:BD:22:D7:B4:2C:64:FF:A5:EF:67:D8:E1:F8","sha256":"FF:3A:23:84:D6:B2:73:DF:50:6E:1A:45:A4:AB:03:37:0B:C4:4A:8E:82:12:99:10:80:A2:F7:FC:71:E3:BA:1D"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 989931eb5a9d3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line 
terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-04-04T00:28:36.974338Z","times_seen":330082,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":10,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.3833575025546152\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"172.67.186.11","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 14 Aug 2025 11:57:48 GMT","end":"Wed, 12 Nov 2025 12:55:14 GMT"},"fingerprint":{"sha1":"D4:3E:2D:C6:F4:04:8A:A6:38:80:A6:3F:B8:36:DF:7A:79:B8:B0:6B","sha256":"99:E2:A7:FD:97:EE:35:E5:8B:A6:DB:25:80:B5:FA:55:8E:72:BD:17:CC:CA:CB:6A:DF:CC:70:31:68:4F:F2:57"}}},"request":{"raw":"POST /ut/hb.php?cb=0.3833575025546152\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 2117\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=276jVx%2B0WiPKt22TYkB6ehSWg9PbF6IU2FORz4OLcrvgGf%2FAQYoziPXTZb%2BJ7ElWUVm%2BKOwT6lACcmxygqYhsyRsXtwVfPr21bXl\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 989931eee90256b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to 
users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":237,"timings":{"blocked":45,"dns":3,"connect":3,"send":0,"wait":147,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-05","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/cinema/default/us/all/close-rtb/v2/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/cinema/default/us/all/close-rtb/v2/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: 
application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:20:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L6k9b%2Fc%2FdrJauJB17r6fVmjh0u1qdRWf49O1mjZm7nm1JmoYnJmPQXyZUs36%2F7iYk%2Bu%2BzqwbdqfZ97HiUc5auCpaL7Lq4Zdj3nHRg1NNsk0%3D\"}]}\r\nage: 488307\r\ncf-cache-status: HIT\r\netag: W/\"65aa8537-182\"\r\ncontent-encoding: br\r\ncf-ray: 989931fc9bf732fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":386,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII 
text","md5":"5ca8c1679ba9453cfa512e01d6fec9c5","sha1":"45628341eb20e4acee5e812d3b2dfc8f23962daf","sha256":"520a0196a18cbe656f7382a02ec828125e68bdac511b9ebe2bf27f31e262d037","sha512":"842e878cb264f7362266570b9a8e4b50187e8bedf2a499c0b8fe5e9fa2c563fa7577427039f58540b103c4da5197287373efc5f031ebd7ce17e5b34bbb8d11f7","ssdeep":"","tlshash":"86e02b386158513487f7d1a2619f27df2730469ed00a025e702c474f0ce1fa622c1d9b","first_seen":"2023-04-05T09:22:06Z","last_seen":"2026-04-03T18:56:18.990219Z","times_seen":2549,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":32,"dns":1,"connect":2,"send":0,"wait":5,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/bootstrap.min.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/bootstrap.min.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 
01:37:39 GMT\r\ncontent-type: text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 21:12:53 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OqlqsXsVCYHVVIo7Bpu0wp8nNNvLvpxYS6Cwvf%2FJJZfjGPpjLqniQ32XTydsui%2BC%2BHE0%2FNnT%2BzizBTzk5VWkba%2FNtBe0QGjPdBT8qtr6Km7V\"}]}\r\ncf-ray: 989931eafff20731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":121253,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65360), with CRLF line 
terminators","md5":"057c5534becfdb2d50350cbacfb8fa8c","sha1":"aee8eea23cc9ade1f7e3de672f57a9f79e9e1516","sha256":"00cce1553100d450fad1142957e5a2c793a1c5ba7877f5a119c704eb6acc1313","sha512":"f705ef7a7222f0348bb70dc451afa475dfe8f53d3f2d1908524789f7cade4fe6e425b1689c47e7155db535e20008a36349a974c7ce161188017df032c35ca033","ssdeep":"768:m5Gxw/jc/+WlJxtQ8IuiHlsLmzI4X8OAduFKbv2ctg2Bd8JP7ec8VvH1F1:Jw/oXBIuiHlsLmN8lDbNmPbW","tlshash":"c0c3c7a0f21031ea7333c55a75d0ed872219a153e66a4fb7f22f25d88f845ca1673f1a","first_seen":"2023-04-07T18:47:56Z","last_seen":"2026-03-29T20:18:02.202168Z","times_seen":225,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/bootstrap.min.rtl.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/bootstrap.min.rtl.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 21:12:53 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2vcWBXrexYxdKb%2B%2BcTQSWN5pxtsYVLzumrQQi3AafkesLrOBgaT4bsKT%2FvehQXiaoB27VQLygvvKCOEh6M7chHMLPuwZajYrWLT6NCaEtjcY\"}]}\r\ncf-ray: 989931eafff60731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS 
mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":34818,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (540), with CRLF line terminators","md5":"50650996f24f8595aca871946cf4bfc7","sha1":"7fa88ac85d0f97dcd3c80c62a62dca78aedf73f2","sha256":"16725d7575da85e45223fc328ae010003775db250fda7bfdec9dc1e1676437a4","sha512":"5e1703ad4922c54176c14ccdf7a25de5c6a9c995dc969e56a77d1aa322513cb1541576b94f9eb73f6cd49ad063c85025a1d04f908a4215330eb5de6b65fb5933","ssdeep":"384:3+tv2XFJh7Laaijc2+vnRLWC+1CxOVK2Mho:3Q27DijczBWC+1CxOVKRo","tlshash":"c1f2a0c88e311944b171c7bfb7a28c46ab1530a7a67bd8a3f6e17d52fb295050423dcb","first_seen":"2023-04-07T18:47:56Z","last_seen":"2026-03-29T20:18:02.152052Z","times_seen":288,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:39 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3ad75b103d9aa41c91eaee414bb5009e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":68,"dns":5,"connect":20,"send":0,"wait":23,"receive":19,"ssl":43},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/cdn-cgi/rum?","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"POST /cdn-cgi/rum? 
HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 424\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259; cf_clearance=5Y9tmqxbIg89qvN8Pa5ju9.tuoYoOyqi7YB9Q5bDxTU-1759628259-1.2.1.1-8AHebz52l_CD6cPPw6cPzJmSBIToBxMXZcwEwrqeZlaNjaeGsmpxF_E7Q6LuW8PlcxMWvYRUleUsu7juoxJaXVFDygKY_4NZ1735GCCeaDyvJu7GpC6z7Ne5qwWWQ_yxBCtyPOZmBrzv_PN_Ta2wRgGWbIKDlrJfbU9CpsaGtlaH5kHB_vRpig4djVsCHV1MbiG_HVTVevpQXm7iKBljF1cMBGMzCrqNgDHYJs.Zeo8; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b%3A2%3A1; pp_main_aa177888545d5fcb5c8d39ba3f934f3c=1; pm_elastic_player=normal\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://w.royal-drama.com\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7eRperpvnQHisNrF3mWU0Q%2FdLhcU83QTHbnYmSTsdruoYrfYDz82aRL3xL0toZBf4qMcJkq2rFKQn%2BOLDPpTKhpkY7KaPyPsAZfMSmCoRswY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sun, 05 Oct 2025 01:37:40 GMT\r\nserver: cloudflare\r\ncf-ray: 989931f1884e0731-OSL\r\nalt-svc: h3=\":443\"; 
ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/ren.gif?sid=H4sIAAAAAAAC_6STT4gcSx3Hq1eRBwrP9w56eULDPOE9SM909_T0ziTIun_DmM3OursSMIdQ_3q2nO6utqp6encPElyViB42J5N46f3NbtZoJOYoIoRZbwNCxtMcXBDx4MlL8CQis9ms0Wt-h6qivvWr_taHb__oMD9DdcjxZP2m3BNxjGuNqmt_ckukTBbaXtuyPbfqXrNviTQMrtk700H1r3r1oOp-al_ntCdrvuu5rud69opQPJI7tXMVRPbrpl_1gmbVC1vVMIAd9X8bOrdAYwtY_wx9CIKN3_9rdBsEHUKa_GaJ656R2ZXlJI-xkQr67ORbaS-VRQrJf5eRsiBKTy5Og9RjhB7MgExPLt4Asn80fQMQMUYzX_ozkPTkwiiQ_vFrryQGngJhn4eiPwQeD0HgIVC5D4K9RACUwVoH0uTxmlQF3n2t4qk6Rp979XcQxRi99xGCNHnaWehs2p2Mp2vcwE5UgtgZgugOIctPwezNgChOgZrvg2B_RLV_rkKaHHV0LEGwyceMMZ9TnzotQpkTeF7LwZgTh2ESui5mkeuTc0AiGgLWM5BrC3JhQR5ZkGcWJGxi1303rM-2AuZGLgsJ5n7D97nfCD1GgiblkNOp8wMw2QHQ-ACouguZugs9cQAqfwF6uwTNLNAGQZ-VUHAEhUZQYASFQFAYBEW_PGax9nX5mMU6J97F7F_M9XIgTfcQH0vT5SkCrA5AsfJIZN_V-0CNNdiLNBrI6YCJKQeYsPIwO0MfTKFaP__p96DHJ3YQhtT3aL3Fie8HYb3BvGZEZmcxwyFhJAAtShB6BrC2YE-MUfvVlyETY_TJugUEn4KOT4EKC3D-FcBFCXi7hL30uaoquYtjhymc4CqVCTBZQmY-C2bXOozP0EeDja2Fe6DySXvbmExfrdW06leZqZIkZTvTllrfrzWDsMY9ij3ieQ72msTxvMh1SCtsOnXKKY-I7wbNRs2r0RiSfDT34L0fIoQQqHiELgqKvBwon4zmdr_9bOff_7gzUCQazd3fVi8QQgOF88nHrRZt0tn6rNNoEOIE4WzLIS3acLyQRWHUIPV6KxgoPKXBxuibP74NnI7mhg_2P3j48BFQVUKmSviO-AOCbnxvsCELdLQhC42edzIjErGHjZDppsGGo1_e4LuFVKy9pA-ezNOpMF0-3eLarOKUibSr0a8WBGNcrUhFOfp9W9_iZD3X2wu5SvNsdX1xpZ1kimstZDoELF7SfwEVY_TFrxXnf6Lzkw9BqCGovJxiuURBsx_8olJpL3bWKpXJN96gF1Sm78Je0CeVylZ7a3W5Upmsbckss42ISc6u2L08k2mXqyu2wgQbw5Xt2CsiTW0lekZ07UxJlvdM1V45PbYZNzbh2vCLfm6qzyqVpeXNxY32-lb73PXX1zc6Nzv2Ymdp2W64X7Ude3N-ddnexH1uO_bGm69ECttGZlnCVY8rW3ZtkhvR63H1rFJZnd-4vnynfXP--tTxjUsOCe7ydwKRgM5Gc797_2dfiKIItPzfIJLMugzjm83zMF6eiMUY3f70BcR8NPfbh9N6BJiUoPlbt_C3mvH0OizKQ30PusoCbPYhTUroqxL6cQk4PgCdf2ZgMjWa-1P9vIDE1oDEyjoisYrvv86zFhObu82W33Apa84GnkfrHg3CFg-atO6FLUo5GD3e_svob_8JAAD__12lr3fYBgAA","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country
":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_6STT4gcSx3Hq1eRBwrP9w56eULDPOE9SM909_T0ziTIun_DmM3OursSMIdQ_3q2nO6utqp6encPElyViB42J5N46f3NbtZoJOYoIoRZbwNCxtMcXBDx4MlL8CQis9ms0Wt-h6qivvWr_taHb__oMD9DdcjxZP2m3BNxjGuNqmt_ckukTBbaXtuyPbfqXrNviTQMrtk700H1r3r1oOp-al_ntCdrvuu5rud69opQPJI7tXMVRPbrpl_1gmbVC1vVMIAd9X8bOrdAYwtY_wx9CIKN3_9rdBsEHUKa_GaJ656R2ZXlJI-xkQr67ORbaS-VRQrJf5eRsiBKTy5Og9RjhB7MgExPLt4Asn80fQMQMUYzX_ozkPTkwiiQ_vFrryQGngJhn4eiPwQeD0HgIVC5D4K9RACUwVoH0uTxmlQF3n2t4qk6Rp979XcQxRi99xGCNHnaWehs2p2Mp2vcwE5UgtgZgugOIctPwezNgChOgZrvg2B_RLV_rkKaHHV0LEGwyceMMZ9TnzotQpkTeF7LwZgTh2ESui5mkeuTc0AiGgLWM5BrC3JhQR5ZkGcWJGxi1303rM-2AuZGLgsJ5n7D97nfCD1GgiblkNOp8wMw2QHQ-ACouguZugs9cQAqfwF6uwTNLNAGQZ-VUHAEhUZQYASFQFAYBEW_PGax9nX5mMU6J97F7F_M9XIgTfcQH0vT5SkCrA5AsfJIZN_V-0CNNdiLNBrI6YCJKQeYsPIwO0MfTKFaP__p96DHJ3YQhtT3aL3Fie8HYb3BvGZEZmcxwyFhJAAtShB6BrC2YE-MUfvVlyETY_TJugUEn4KOT4EKC3D-FcBFCXi7hL30uaoquYtjhymc4CqVCTBZQmY-C2bXOozP0EeDja2Fe6DySXvbmExfrdW06leZqZIkZTvTllrfrzWDsMY9ij3ieQ72msTxvMh1SCtsOnXKKY-I7wbNRs2r0RiSfDT34L0fIoQQqHiELgqKvBwon4zmdr_9bOff_7gzUCQazd3fVi8QQgOF88nHrRZt0tn6rNNoEOIE4WzLIS3acLyQRWHUIPV6KxgoPKXBxuibP74NnI7mhg_2P3j48BFQVUKmSviO-AOCbnxvsCELdLQhC42edzIjEr
GHjZDppsGGo1_e4LuFVKy9pA-ezNOpMF0-3eLarOKUibSr0a8WBGNcrUhFOfp9W9_iZD3X2wu5SvNsdX1xpZ1kimstZDoELF7SfwEVY_TFrxXnf6Lzkw9BqCGovJxiuURBsx_8olJpL3bWKpXJN96gF1Sm78Je0CeVylZ7a3W5Upmsbckss42ISc6u2L08k2mXqyu2wgQbw5Xt2CsiTW0lekZ07UxJlvdM1V45PbYZNzbh2vCLfm6qzyqVpeXNxY32-lb73PXX1zc6Nzv2Ymdp2W64X7Ude3N-ddnexH1uO_bGm69ECttGZlnCVY8rW3ZtkhvR63H1rFJZnd-4vnynfXP--tTxjUsOCe7ydwKRgM5Gc797_2dfiKIItPzfIJLMugzjm83zMF6eiMUY3f70BcR8NPfbh9N6BJiUoPlbt_C3mvH0OizKQ30PusoCbPYhTUroqxL6cQk4PgCdf2ZgMjWa-1P9vIDE1oDEyjoisYrvv86zFhObu82W33Apa84GnkfrHg3CFg-atO6FLUo5GD3e_svob_8JAAD__12lr3fYBgAA HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:41 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7b6a20d9904e99b0256f5a9bf0cc94ef\r\nCache-Control: no-cache, 
max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/sbs?c=1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:42.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: 
cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 05 Oct 2025 01:37:42 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/cebe0983b-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/cebe0983b-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 23090\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:41 GMT\r\nexpires: Thu, 27 Nov 2025 14:39:38 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oHio0PnmGZ1x2pNDJRvvnLJA%2B%2Fj0K41hCxzzyWSGwg98TN%2FkbnsWt5slNooJ7qm4TiP9d33ct77faD%2BnRjiUJgtiMoDDf1i3ASLKix1ho9eQ\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eafffe0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23090,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"597816fa1011bda052ca63fa39679e36","sha1":"ed80de5738902e5572a3b3619f381d9a4a6b036a","sha256":"c649ba45b6180b5152375ae3ed912b086c6c4ecd75c1b288f118deb9aa350fe0","sha512":"26f2bf9cd6c848b7741b3ab9cd5abc90a63c27c3a36ad06e4ec1a3b5242154984fc0ea9919d462b9db872410298916d4d7368db4a5e4acafd5e0225e07f40ed5","ssdeep":"384:1QxEeUV13c+s5hwhkF59ZqEZ2Zz/hpqhD0k+O6UPzPgDlkeZBQcgrIAKW:1+m1RLhmUEZy/yt0EPz8m0mcgIW","tlshash":"79a2e1fc98f1084ad2be06bb314742966dd3517bd1a6df26617252f40bb8bb8d1de430","first_seen":"2025-10-05T01:38:06.642511Z","last_seen":"2025-10-05T01:38:06.642511Z","times_seen":1,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 
GMT"},"fingerprint":{"sha1":"54:09:EF:2E:96:03:5C:86:DF:F0:DA:AC:A6:7A:0D:35:49:4E:68:90","sha256":"0E:84:83:07:1D:C1:46:17:EB:EA:2F:15:CE:88:56:D2:FF:9E:AE:31:D2:C3:FC:DA:00:24:46:48:43:CD:11:1F"}}},"request":{"raw":"GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 33507\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:48:51 GMT\r\nexpires: Fri, 02 Oct 2026 12:48:51 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 218928\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":95992,"size_decoded":0,"mime_type":"text/javascript; 
charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32038)","md5":"f03e5a3bf534f4a738bc350631fd05bd","sha1":"37b1db88b57438f1072a8ebc7559c909c9d3a682","sha256":"aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947","sha512":"8eeeaefb86cf5f9d09426814f7b60e1805e644cac3f5ab382c4d393dd0b7ab272c1909a31a57e6d38d5acf207555f097a64a6dd62f60a97093e97bb184126d2a","ssdeep":"1536:OP10iSi65U/dXXeyhzeBuG+HYE0WEeLDFoNqLTW8+S5VRZIVI6xSb8xh2ZbQnRmm:R+41ZqLTW8xRrqSb8qGH77da98Hr3","tlshash":"1793d8d9b7d67162977730b850bf510bb13a98eab80c4ca0f0a4d8e47d74a89507bf2d","first_seen":"2023-03-07T01:02:11Z","last_seen":"2026-04-03T23:33:54.989118Z","times_seen":20568,"resource_available":true,"data":null}},"time_used":215,"timings":{"blocked":93,"dns":1,"connect":9,"send":0,"wait":8,"receive":9,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.plugins.b.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/jquery.plugins.b.js HTTP/1.1\r\nHost: 
w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:52:46 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dN4RBfMOrnPygzpHcjMD6AUNcQ6uE4ZBQfSq6Apm29sh7JcHxSCpr8SC9G4IoorAbEt7vjeLM1mAxU0L%2FBr0z3qQs0XPDaJruvlEdLbiOjY4\"}]}\r\ncf-ray: 989931eb080c0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":9535,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5838), with CRLF line terminators","md5":"443045e7fcb603ba92e473b0ec11d2b2","sha1":"8d9dd41c01b0f2738d6bd1a3984095570bbeb0df","sha256":"8084ff37c531acc28e0fa45ecb19d9a3c846a91f1b2e101801a9dada0cd31702","sha512":"995f65923b7ceb647c7b81b71d6e9c2f169e27a9b9c2e38476eeb4c7cd6931823a0825cfe344409f39096421d403ed0096eef957da48c6789052ccc120f089d0","ssdeep":"192:drqHYs1VpcjP3+RMCN+8/Hit2eVUUZCDq78JlwyDp/VQ3SI:drSDy2CxaqFcdVdI","tlshash":"1512d8a93292342a62bb516c105ff50ff3219526d18b8050e25899f43ef9c8e3767fbd","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.18288Z","times_seen":295,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026e=gtm.init\u0026eid=2\u0026u=AAAAAAAAAAAAAIA\u0026h=Ag\u0026tr=5ogt1pdatav2.5ccdgafirst.5setproductsettings.5ccdgaregscope.5ccdemdownload.5ccdemform.5ccdemoutboundclick.5ccdempageview.5ccdemscroll.5ccdemsitesearch.5ccdemvideo.5ccdconversionmarking.5ccdautoredact.5ccdgalast\u0026ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaregscope.2ccdemdownload.2ccdemform.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdautoredact.2ccdgalast\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET 
/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026e=gtm.init\u0026eid=2\u0026u=AAAAAAAAAAAAAIA\u0026h=Ag\u0026tr=5ogt1pdatav2.5ccdgafirst.5setproductsettings.5ccdgaregscope.5ccdemdownload.5ccdemform.5ccdemoutboundclick.5ccdempageview.5ccdemscroll.5ccdemsitesearch.5ccdemvideo.5ccdconversionmarking.5ccdautoredact.5ccdgalast\u0026ti=2ogt1pdatav2.2ccdgafirst.2setproductsettings.2ccdgaregscope.2ccdemdownload.2ccdemform.2ccdemoutboundclick.2ccdempageview.2ccdemscroll.2ccdemsitesearch.2ccdemvideo.2ccdconversionmarking.2ccdautoredact.2ccdgalast\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; 
ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 
10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/16f9cd2f90a6/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\nserver: cloudflare\r\ncf-ray: 989931ee582e0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10029,"size_decoded":0,"mime_type":"application/javascript; 
charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/echo.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/echo.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 21:12:53 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5XvpZyYG29IwEznGbomlSQZ7muxpo9XHgz8WgMFby%2FyU9cyTY80U41XEw%2FueVRk7t3Njwu%2BmkYBmX82Ed4W8yTQZzNqtZhSAHwoIEYs%2BW1Sd\"}]}\r\ncf-ray: 989931eafff40731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":329217,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"5175cbf007fead7bec81e24198f815f9","sha1":"d6804f3e3615f054d3813cdaedf4f435577767ea","sha256":"e329cc12f92e9370d19d590d7f80dd86cb723b5d94bc5d62fcbcd5e8e960327d","sha512":"803443cf1ee2cf82c4a93e3b649f2aa013583c2715882a1b015b86aae0aecff1b0526185aeafb20deb7f0c3d54a93679e45df1893299039b2c7bfe95d52d71d1","ssdeep":"3072:J/MB8OfBMOdGj+eLdyiQYfBN0ucn4/ULcSLyygLdWxAnZm4T1hbtEhND2INcmeFO:J/MB8OfBMOLpT","tlshash":"55641d63ee5510021a33d3b5e7939665ff2c40a3c20245bdbade655c8fea58881adfcc","first_seen":"2023-05-09T02:55:09Z","last_seen":"2026-03-29T20:18:02.134463Z","times_seen":141,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/css/echo.rtl.css","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/css/echo.rtl.css HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/css\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: 
Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 21:12:53 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r8odxJFdurozgZVFWpkbLgONSRujn5XOcrHWuB2D2BeuhPilF42rlgVVw1x1wvp4dyAOXEEJ2tMreisvJLP%2BBnOHts39NoQfGqMgJEUWpnlI\"}]}\r\ncf-ray: 989931eafff70731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":22855,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF, LF line 
terminators","md5":"133de044f542e50c4a5eae2799e148ac","sha1":"c028504cf9a957ca86d7f1a06371fdc085deaace","sha256":"e64aa5acc7482eb1a727ee2962407ce824e6f3cb5e22ceda2f27a0dd72072743","sha512":"5f0ef6b93bc8d1aef4f02a13f18aa3d35794aca3e99eb4ba8b1c99ea091e5c7f4789277562b2f4152c960486cccd09a407e0043093267f9d6d215f693519c124","ssdeep":"192:lUY0e3kfSH7h4Rli4Umjqq6+ndCng6TZoVN+nPIqAeK:K1ibq6+ngpT6+da","tlshash":"d6a2f166fe5060872432cf78e262ccd3eb5600d3c40657b9bf9ec1549b6a68c172df9a","first_seen":"2023-04-07T18:47:56Z","last_seen":"2026-03-29T20:18:02.130184Z","times_seen":183,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.cropit.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/jquery.cropit.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:52:46 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K2va2IBno5AABmCgd79ol4JboEMv0g7zjc9MfnIOVtYTGfwAoZP3mwIEIngN5N4IrYelwOWuVmZS0x3VL9sBBcwvpp3RGNJoODfrf2Ug0NDw\"}]}\r\ncf-ray: 989931eb080d0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet 
security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":27578,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (27266)","md5":"cd82e0edbcecf087be901e8e7ed0d035","sha1":"2cedce9f87501152efa36eb1949d95c0ca4ff200","sha256":"b8a0d09df5a79e5e9494b3061eeff55883870c66714879886348c5095faa7840","sha512":"972ad1b4fe72296e7123bebe0c1e18aaf1fe1617ed41762b0e0b3afc9a7e58c0a4f9e5354094808d94bcebcd8f7c1d12b9c794ae17c47bc9cb3586ca9899193f","ssdeep":"384:b4Ku+vsSCLma/KSUOW5Gur0433Pfmoz8DKNzmavSbnCIjcIOHinWK0inVcaTJX5s:XWmaiSO5Gu/wemaybVtPJXm","tlshash":"4fc2b4193ba1367742a7f1a0760f800c1275e975e446e38cb638d8fa9af18148a77f76","first_seen":"2023-03-07T12:01:39Z","last_seen":"2026-03-29T20:18:02.154507Z","times_seen":606,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/17e93dafa-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/17e93dafa-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 20150\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 
2025 08:57:42 GMT\r\nexpires: Sun, 30 Nov 2025 17:14:44 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2gsMtajwZtFVlsQOrRKAFtyLOBsVA98NkEbO2%2BDVSueotGyRLA0yXoPvp%2F5Oy4W9jhzpGsU%2FqRU3jYFNsKxYNPMFnQgqAIdjvDaT2%2FjBgLQr\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eaf8020731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":20150,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"8d7363ded978dc62c38a9530c929a00b","sha1":"9ab2006d40bb1f1dce458f23f43a5b08d8465fe1","sha256":"98d58d8486edd14dc12daa2347308ffaa3574849605018805ad1229eec668055","sha512":"5aa19924fcf5da26d555e536ce8e457e4c39df464b15034ff74764bab36316462ec83dc5d7ff3a5e09e3c4312f09771a118a214c5347ce647d57177c0b157cba","ssdeep":"384:mj7FKlZsD8Y60nzJGutf6PhsA9gZTIsPKaW0Edyu6QQHc88/E:mjskzJptf6PhGTIs60Edy9Hch/E","tlshash":"9f92c0549bdebe0d8d0dac5e82350399af0b18c0af184898ca097354865d53f66dfda7","first_seen":"2025-10-05T01:38:06.649039Z","last_seen":"2025-10-05T01:38:06.649039Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/img/icon-play-32.png","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/img/icon-play-32.png HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/templates/echo/css/echo.css\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/png\r\ncontent-length: 2413\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Thu, 27 Nov 2025 21:12:54 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 466689\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oI%2FgJRZfmYqMYL4F67bjELN0%2FMZCj7qdqO%2F2mGFREzvpjuJq7HXdxWQHBqZHHXmbwCvxzHU2nEVp9roZi0R0MwUAbQK1%2Fjv3Cn6t%2BNiX%2FeB2\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931ebf8190731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2413,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"35bd95e97ff446debcc363482550378d","sha1":"91c8d90e0524e5346aa4f3ae0806893db5d95959","sha256":"eee224146191f9cc5fabac0a105fe5b9b34750f8afe16823dbb593259d8a1d75","sha512":"cb1e95ff009f563b6d436c90b3b10c9efd2d6be53fcd8938d8c027c4839e3c94cdb8994441ee44c1af35b06611912903ba7e66f258b58af8943e7fee632d8ad5","ssdeep":"","tlshash":"8041e84dfe422c30c288e5727de4a093a8375cc482c0a563bcdcc16398b04fbb92cad2","first_seen":"2023-05-09T02:55:10Z","last_seen":"2026-03-29T20:18:02.14383Z","times_seen":235,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"acscdn.com/script/suv5.js","fqdn":"acscdn.com","domain":"acscdn.com","tld":"com"},"ip":{"addr":"104.18.16.201","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"acscdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 21:39:20 GMT","end":"Sun, 07 Dec 2025 22:39:07 GMT"},"fingerprint":{"sha1":"97:5E:85:70:5C:6F:7D:F5:DB:22:A2:2D:88:C5:E3:69:E8:15:5A:F4","sha256":"AE:9E:71:84:C0:24:A8:E6:55:FE:84:6C:3B:AA:4F:74:9F:76:47:83:B6:3D:D6:4D:0A:0A:74:54:1D:14:B3:EE"}}},"request":{"raw":"GET /script/suv5.js HTTP/1.1\r\nHost: acscdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nx-guploader-uploadid: ABgVH8-9c4pjta0Y-8RNJduhwu8SsqGu1HECSebUbnHzJiiyFvVWMsCxsSPtzwdr45PAPUNV\r\nx-goog-generation: 1757575972251993\r\nx-goog-metageneration: 2\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 96855\r\nx-goog-hash: crc32c=5NFa/Q==, 
md5=MnHxWy+gPL/oBNiRpNG+pA==\r\nx-goog-storage-class: MULTI_REGIONAL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace\r\nexpires: Sun, 05 Oct 2025 02:37:39 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Thu, 11 Sep 2025 07:32:52 GMT\r\nvary: accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nage: 2076\r\netag: W/\"3271f15b2fa03cbfe804d891a4d1bea4\"\r\ncontent-encoding: gzip\r\ncf-ray: 989931ec48a723eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":96855,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line 
terminators","md5":"3271f15b2fa03cbfe804d891a4d1bea4","sha1":"ba0ebf448794037fa0cdc3f7d3a103e61894493e","sha256":"ec4add2cef8de7dcf48c93f7f83ecec842fee54b4e1ae3ae8ba67b1da1edfba8","sha512":"d6dfb9c2252f4a7dc3681f19e9c36ae5759a4ef08283d47493adc7f85bf76a092cc557a2a18cb13ac7af57626c4f9551833c53fd8ecddd86addc866cfac78b2a","ssdeep":"1536:LOFHKIV5GuKbOPNXN6ibR+6ry6j/IYOHSD/u/NNU48WQJFW4gkzwi/OsWVhL/Tyw:LYqmzIOVg6W6jUHSDm/NWu4hzihp","tlshash":"e293c649bad2f0e86be365e4842f5646e1772a24740d98d5fab6c5c19839ecf4033e3c","first_seen":"2025-09-11T10:47:57.233286Z","last_seen":"2025-10-21T05:38:50.883718Z","times_seen":518,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"acscdn.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=8940426\u0026cbur=0.9133760855679768\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD\u0026cbpage=https%3A%2F%2Fw.royal-drama.com%2Fwatch.php%3Fvid%3Dc43d4f848\u0026cbref=\u0026cbdescription=%D8%B4%D8%A7%D9%87%D8%AF%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%20%D9%83%D8%A7%D9%85%D9%84%20%D9%85%D9%88%D9%82%D8%B9%20%D8%B4%D8%A7%D9%87%D8%AF%20%D9%86%D8%AA%20%D8%AF%D9%82%D8%A9%201080p%2B720p%20%D8%A8%D8%B3%D8%B1%D9%81%D8%B1%D8%A7%D8%AA%20%D9%85%D8%AA%D8%B9%D8%AF%D8%AF%D8%A9%20%D9%88%D8%AC%D9%88%D8%AF%D8%A9%20%D8%B9%D8%A7%D9%84%D9%8A%D8%A9%20HD%20%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AF%D8%B1%D8%A7%D9%85%D8%A7%20%D9%88%D8%A7%D9%84%D9%83%D9%88%D9%85%D9%8A%D8%AF%
D9%8A%D8%A7%20%D8%A8%D8%B7%D9%88%D9%84%D8%A9%20%D9%85%D8%AD%D9%85%D8%AF%20%D8%A5%D9%85%D8%A7%D9%85%20%D9%88%D9%85%D8%AD%D9%85%D8%AF%20%D8%B3%D9%84%D8%A7%D9%85%20%D9%88%D9%87%D8%AF%D9%89...\u0026cbkeywords=%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D8%A9%20%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D8%A9%20%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%20HD%2C%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%86%D8%AA%20%D9%81%D9%84%D9%83%D8%B3.mbc2%2C%20%D8%B1%D9%88%D9%8A%D8%A7%D9%84%20%D8%AF%D8%B1%D8%A7%D9%85%D8%A7\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown3224%20bits\u0026ts=1759628259265\u0026srs=bc0330298f26aa420f08d9e4196f6f4e\u0026atv=69.0","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 17:58:51 GMT","end":"Sat, 08 Nov 2025 17:08:08 GMT"},"fingerprint":{"sha1":"EA:C4:03:00:5B:31:55:C6:59:67:78:25:B3:B7:46:0C:EC:DE:30:70","sha256":"D9:CD:23:32:1E:FF:B8:A4:2F:94:7E:6F:7B:49:CF:2A:8E:F8:87:04:44:A7:C7:E1:3C:53:1B:9F:D1:3A:94:D5"}}},"request":{"raw":"GET 
/script/suurl5.php?r=8940426\u0026cbur=0.9133760855679768\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD\u0026cbpage=https%3A%2F%2Fw.royal-drama.com%2Fwatch.php%3Fvid%3Dc43d4f848\u0026cbref=\u0026cbdescription=%D8%B4%D8%A7%D9%87%D8%AF%20%D8%A7%D9%84%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%20%D9%83%D8%A7%D9%85%D9%84%20%D9%85%D9%88%D9%82%D8%B9%20%D8%B4%D8%A7%D9%87%D8%AF%20%D9%86%D8%AA%20%D8%AF%D9%82%D8%A9%201080p%2B720p%20%D8%A8%D8%B3%D8%B1%D9%81%D8%B1%D8%A7%D8%AA%20%D9%85%D8%AA%D8%B9%D8%AF%D8%AF%D8%A9%20%D9%88%D8%AC%D9%88%D8%AF%D8%A9%20%D8%B9%D8%A7%D9%84%D9%8A%D8%A9%20HD%20%D9%81%D9%8A%D9%84%D9%85%20%D8%A7%D9%84%D8%AF%D8%B1%D8%A7%D9%85%D8%A7%20%D9%88%D8%A7%D9%84%D9%83%D9%88%D9%85%D9%8A%D8%AF%D9%8A%D8%A7%20%D8%A8%D8%B7%D9%88%D9%84%D8%A9%20%D9%85%D8%AD%D9%85%D8%AF%20%D8%A5%D9%85%D8%A7%D9%85%20%D9%88%D9%85%D8%AD%D9%85%D8%AF%20%D8%B3%D9%84%D8%A7%D9%85%20%D9%88%D9%87%D8%AF%D9%89...\u0026cbkeywords=%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D8%A9%20%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%85%D8%B4%D8%A7%D9%87%D8%AF%D8%A9%20%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%81%D9%8A%D9%84%D9%85%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%20HD%2C%20%D8%B9%D9%85%D9%87%D9%85%202022%20HD%2C%20%D9%86%D8%AA%20%D9%81%D9%84%D9%83%D8%B3.mbc2%2C%20%D8%B1%D9%88%D9%8A%D8%A7%D9%84%20%D8%AF%D8%B1%D8%A7%D9%85%D8%A7\u0026cbcdn=acscdn.com\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown3224%20bits\u0026ts=1759628259265\u0026srs=bc0330298f26aa420f08d9e4196f6f4e\u0026atv=69.0 HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://w.royal-drama.com/\r\nOrigin: 
https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Content-Type\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WCgacVN8zEt9cq6%2FtMSexYAvmMJ0GqpFoX8FM1F7JI1FPFkWy1ugM4sin1SIk%2FMiGUYoc6ApVWMiDgkV5tNTiQ%2B2ofyYKTyS8wGrWW8Bkbwr\"}]}\r\ncf-ray: 989931ec999db4ed-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google 
Cloud.svg","categories":["IaaS"]}],"data":{"size":898,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9a69cd805da1201daa38418708afbf3b","sha1":"8137a1f0ceae42ac699284c17451c725784845ae","sha256":"c3bb42bdebb41ba0bbf554ee6004f442273595f2abc32e994818699201e2cd9d","sha512":"a44f73cb8984c6be7dc1c1d486d4f94a0d8081a0955ce6a9b7abd3e137fa639d77d19d3d2ed76516d9796ae37dbc9372cd0deaa7a6c0c0d10cd99e1c8a3e9e83","ssdeep":"","tlshash":"b7116717014edef37595149d45ab9908fb300d9eac11bf40504f3c3bb15b6909f5e061","first_seen":"2025-10-05T01:38:06.651741Z","last_seen":"2025-10-05T01:38:06.651741Z","times_seen":1,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":32,"dns":3,"connect":2,"send":0,"wait":186,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.6653556128034297:1759626680:UTO-wdB_dnEWKegoUUUh1VINlxiFwu57d4kRRQRQbcU/989931e96d97dfec","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust 
Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.6653556128034297:1759626680:UTO-wdB_dnEWKegoUUUh1VINlxiFwu57d4kRRQRQbcU/989931e96d97dfec HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12129\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-length: 0\r\nset-cookie: cf_clearance=5Y9tmqxbIg89qvN8Pa5ju9.tuoYoOyqi7YB9Q5bDxTU-1759628259-1.2.1.1-8AHebz52l_CD6cPPw6cPzJmSBIToBxMXZcwEwrqeZlaNjaeGsmpxF_E7Q6LuW8PlcxMWvYRUleUsu7juoxJaXVFDygKY_4NZ1735GCCeaDyvJu7GpC6z7Ne5qwWWQ_yxBCtyPOZmBrzv_PN_Ta2wRgGWbIKDlrJfbU9CpsaGtlaH5kHB_vRpig4djVsCHV1MbiG_HVTVevpQXm7iKBljF1cMBGMzCrqNgDHYJs.Zeo8; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=royal-drama.com; Expires=Mon, 05 Oct 2026 01:37:39 GMT\r\nserver: cloudflare\r\ncf-ray: 989931ee98320731-OSL\r\nalt-svc: h3=\":443\"; 
ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026e=gtm.js\u0026eid=3\u0026u=AAAAAAAAAAAAAIA\u0026h=Ag\u0026tr=5gct\u0026ti=1gct\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026e=gtm.js\u0026eid=3\u0026u=AAAAAAAAAAAAAIA\u0026h=Ag\u0026tr=5gct\u0026ti=1gct\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/cdn-cgi/rum?","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3
","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 424\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259; cf_clearance=5Y9tmqxbIg89qvN8Pa5ju9.tuoYoOyqi7YB9Q5bDxTU-1759628259-1.2.1.1-8AHebz52l_CD6cPPw6cPzJmSBIToBxMXZcwEwrqeZlaNjaeGsmpxF_E7Q6LuW8PlcxMWvYRUleUsu7juoxJaXVFDygKY_4NZ1735GCCeaDyvJu7GpC6z7Ne5qwWWQ_yxBCtyPOZmBrzv_PN_Ta2wRgGWbIKDlrJfbU9CpsaGtlaH5kHB_vRpig4djVsCHV1MbiG_HVTVevpQXm7iKBljF1cMBGMzCrqNgDHYJs.Zeo8; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b%3A2%3A1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://w.royal-drama.com\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nx-content-type-options: nosniff\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PYmOQiiuA35WQkfFyDM2kfojNrXdH9MFA5epMjVcwrHH2wCKLujsq9DDjlHmZUpD2Lsb9cXO8e3DL9wjunUnSwdGzgOHQ9U0POqTQf%2F4yLgI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\nserver: cloudflare\r\ncf-ray: 989931f0a8480731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/img/apple-touch-icon.png","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/img/apple-touch-icon.png HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259; cf_clearance=5Y9tmqxbIg89qvN8Pa5ju9.tuoYoOyqi7YB9Q5bDxTU-1759628259-1.2.1.1-8AHebz52l_CD6cPPw6cPzJmSBIToBxMXZcwEwrqeZlaNjaeGsmpxF_E7Q6LuW8PlcxMWvYRUleUsu7juoxJaXVFDygKY_4NZ1735GCCeaDyvJu7GpC6z7Ne5qwWWQ_yxBCtyPOZmBrzv_PN_Ta2wRgGWbIKDlrJfbU9CpsaGtlaH5kHB_vRpig4djVsCHV1MbiG_HVTVevpQXm7iKBljF1cMBGMzCrqNgDHYJs.Zeo8; 
dom3ic8zudi28v8lr6fgphwffqoz0j6c=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 18160\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Thu, 27 Nov 2025 23:54:08 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 462761\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EBVmTSf9Ak1WgRnMznSG9%2Bnff0ImP066AeOkJtbtOk0t08OvbxW%2BWd0lJdDf77U3FXfgysGwPp%2BtWhxMKv2FG1sTvkeXGlBjUvH8SxV4BD2J\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931f1184c0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":18160,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color 
RGBA, non-interlaced","md5":"d42d811690030da2f21b36974d091384","sha1":"41432b0d6658c786b5399761faff801760ca3573","sha256":"ab692c45a105de3c0a4b594788fec99f71ce6aab3055b2e6b0c1868a7faf817f","sha512":"0acd442ec5a50d5ca55093d8a3170880f2403ff4b67b3474a7c7a31df70dc2ac4d2e36f07f10f595c4b55d5c6981cf96898429e79a9b86839be4f4fa273f647e","ssdeep":"384:JAcr4w/eNLhANu8PDT+OsfOiCDodciJa4PQRKMKY:JEw+L+N35sfOWdciJa4OK2","tlshash":"7d82cfb1b8d3f7e18a9872dc41bf96d0c5b530d67e95c9848015aa3bbd8720c23be947","first_seen":"2025-07-13T23:17:02.918311Z","last_seen":"2026-01-09T03:24:48.940094Z","times_seen":11,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.readmore.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/jquery.readmore.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:52:46 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x3ZGOw2xIVMCYTKZmLBUA7C6QavlwFs0tvox470RTjg98eJeqLmxQI0rjYl82BR6ZsAtUZlVyrodh3LS2ukIcR81XivqsZ%2B11%2FlX%2BzS8itGq\"}]}\r\ncf-ray: 989931eb080e0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM 
server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3430,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (531), with CRLF line terminators","md5":"081fe3d90aad9b9f11e4b1c0569530df","sha1":"ff566498ce6f25f4a3b28c0e2bb92b6b86fea6ed","sha256":"98e825583e6fb4f7e8a65f9063fb7ea2d34aee8f9aa480dfee285ea27f4fca02","sha512":"cf242d2562e01ce001f00b847c0855d090f3c2883ede50cb65298cad502e2ae1fa6648a16eab883bdac88e2cdbe0366f4dcad0967bf3cf0e02ef979bf7f2b2f7","ssdeep":"","tlshash":"ec61f169b323f642c4a720e2705f530a663bf128835580547777dae86f7c80e7863a7e","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.153633Z","times_seen":319,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"52.57.19.68","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://w.royal-drama.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: 
uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; expires=Wed, 03 Oct 2035 01:37:39 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ff75e8f8c0db6c0e9e6cf99189e49f2f","sha1":"da5d76f8e6295e104a8e8b4bfba056e6b54218b4","sha256":"889f462c252e01483efa9d7f477af4338e1ed43c5f11fb3d4b6c15a733d28809","sha512":"3b22668a927d4818f1785106bfc0e0d889d44150c76d5e346197966c2dce21243be876f9a8c5ca5049845a489f2559542445f79b05cf464a3dd39fc6c0b1acd1","ssdeep":"","tlshash":"f79004c0d3d0c4d715dc3f1030110f41055f7441501434004d75700550741cc41f4c35","first_seen":"2025-10-05T01:38:06.654804Z","last_seen":"2025-10-05T01:38:06.654804Z","times_seen":1,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":102,"dns":6,"connect":29,"send":0,"wait":28,"receive":0,"ssl":66},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b\u0026eb=f522123235b3758dca5b00f6aebd1253\u0026te=e7b29a3f517d38d4366e5d69d562f86a\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=466c21c39eb224635d18fb77ada6bdb4\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=1","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b\u0026eb=f522123235b3758dca5b00f6aebd1253\u0026te=e7b29a3f517d38d4366e5d69d562f86a\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=466c21c39eb224635d18fb77ada6bdb4\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=1 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND 
CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a82f7cb8c865e92c9a81bbf8295668e2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":774,"timings":{"blocked":331,"dns":4,"connect":109,"send":0,"wait":111,"receive":0,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b\u0026eb=f522123235b3758dca5b00f6aebd1253\u0026te=e7b29a3f517d38d4366e5d69d562f86a\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=aa177888545d5fcb5c8d39ba3f934f3c\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=1","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET 
/pxf.gif?uuid=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b\u0026eb=f522123235b3758dca5b00f6aebd1253\u0026te=e7b29a3f517d38d4366e5d69d562f86a\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=aa177888545d5fcb5c8d39ba3f934f3c\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=1 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:40 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3cfe26c7b8cda6ffe287f240b7ab1dbf\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be 
accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":658,"timings":{"blocked":279,"dns":4,"connect":91,"send":0,"wait":99,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/js/jquery.typewatch.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /js/jquery.typewatch.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: 
\"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-frame-options: DENY\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Wed, 22 Oct 2025 09:15:47 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: MISS\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 890371\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=chw07YkJ9WW74s%2FwPjclsTdgj3fVTd3yOPrF8finPczPwM4yMGPMrxQeWDGfBl4s7AfemB3eSye%2B7fqo77fKun5p0K8UjXJrk0lbuHp9ZEAb\"}]}\r\ncf-ray: 989931eb08060731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1745,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(1440)","md5":"6915a93382a7b35f40987fd648b43f9d","sha1":"b78c77cc774594df414a7b1fb99c28083d85bb80","sha256":"1836dba8922ca00f9ac170122f314b2cd7bbb2eba09c73d8bce215597bd9cd2b","sha512":"e88f5e62ae04a867b1b5ba979e2b653cab8348167c37cf897856d13558114dca318ac33b2c07d611ad3559014c57e60b847823421a46649a47f5328720eceac4","ssdeep":"","tlshash":"6c313f4cb152a15d87e263f6aa7616ee3a7ae3785a001184316512d0a078a8f63d7bd4","first_seen":"2023-03-07T12:12:06Z","last_seen":"2026-03-29T20:18:02.232774Z","times_seen":387,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/16f9cd2f90a6/main.js?","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 
GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/16f9cd2f90a6/main.js? HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5; _ga_T9LGLZQTB5=GS2.1.s1759628259$o1$g0$t1759628259$j60$l0$h0; _ga=GA1.1.1937902578.1759628259\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\nserver: cloudflare\r\ncf-ray: 989931ee582f0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10029,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (10029), with no line 
terminators","md5":"8936032a7d3e1beaf7bc11c688e416aa","sha1":"33c12de157725853e90bb35bcf8cec679ce7184b","sha256":"13ba73dd673cf272747ee95b002c7d906257f4b22b3c37e0ede66df4164812da","sha512":"6a4851df35bdbc816102a49bc91392877d8a809da315c4155df62882f1a2eac3b8a140353b081e91e7be5c1de9f637d556620364b84fd34b805a327df4e8cc90","ssdeep":"192:/ZfWHQSB7MFigOY96LwJvNA/aR6r4B5ZMhIhQ:Qc6Y96LwJVTIg5ij","tlshash":"7622b7c575cbfa52c12a04b0913b63d7910ebea484e85c9b9f04fdacbc2d344b4a9e19","first_seen":"2025-10-05T01:32:38.510607Z","last_seen":"2025-10-05T01:38:06.6564Z","times_seen":3,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.load\u0026eid=11\u0026u=AgAAAAAAAAAAAIA\u0026h=Ag\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.load\u0026eid=11\u0026u=AgAAAAAAAAAAAIA\u0026h=Ag\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:40 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; 
ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saptiledispatch.com/sb/notifications/cinema/default/us/all/close-rtb/v2/index.html","fqdn":"saptiledispatch.com","domain":"saptiledispatch.com","tld":"com"},"ip":{"addr":"172.67.163.213","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saptiledispatch.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 27 Sep 2025 20:53:53 GMT","end":"Fri, 26 Dec 2025 21:49:19 GMT"},"fingerprint":{"sha1":"25:84:2F:12:A4:D0:3D:E9:65:DD:1E:3C:F0:FA:59:26:22:53:49:61","sha256":"0F:AE:DE:02:64:1A:1D:EE:15:BC:63:22:DF:15:D6:E4:E2:53:31:2F:F0:34:33:20:CE:76:39:97:FE:24:2B:D1"}}},"request":{"raw":"GET /sb/notifications/cinema/default/us/all/close-rtb/v2/index.html HTTP/1.1\r\nHost: 
saptiledispatch.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:20:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wU6kKAjjma%2Bia7f1o7ADCE%2BTCi9cXa6lq%2FV6%2FArNpX6Lqw2q2vfGw71mYbHTIOFZFMmPEzbB6A3V0R6D2%2FT2cXSoCuo4%2F4fycJqrtv%2FTm0TZ\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 989931f93b1356ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1267,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII 
text","md5":"d5264dd58cf6dfe1c7a32d854b09e412","sha1":"8102ce07721c96e041807d56dc3f7f76ea26430a","sha256":"ad23771ee9bf4f89c380e6b72ec302600dc8fb0b9aedc38933d98269a6d52a17","sha512":"d8a89b2f14ec73eac342c475a1cba2b80797e09db06916df5b5c214822c63b1bb5917c8e9586385455ed72b20aa43926e70db9bff1b5edca493fb9bcf19ff9f3","ssdeep":"","tlshash":"ea219b47adaad3b711c360867b712f67bc92d58bca4f150a37fd0860cb8a945cd43507","first_seen":"2024-11-30T23:29:44.280357Z","last_seen":"2025-10-07T03:49:32.218746Z","times_seen":163,"resource_available":false,"data":null}},"time_used":796,"timings":{"blocked":152,"dns":3,"connect":2,"send":0,"wait":491,"receive":0,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/cinema/default/us/all/close-rtb/v2/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"172.67.210.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/notifications/cinema/default/us/all/close-rtb/v2/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:20:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa8537-1012\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 2924124\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n6QdKuOuOsyJY8MPso253lCM8GCdxo39jORxooWwG%2Ff9TXB%2BKBUIW6u4rV64i0kb%2BWJEi2%2B7EODQQZlY5h50NQn23jc65NrquQXAHPqAlpg%3D\"}]}\r\ncf-ray: 989931fc9bfb32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4114,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"66cb0c3595b586cc853322ba2e68716e","sha1":"853856f3b058cdd0c7e77b19363d4fc9c0f1d1ea","sha256":"bfafa4aeb2f69487aa1773bb074200e7a976b244ddc73ab9b6cf147e90ef3332","sha512":"d23df1444b59acb95e3832540c1862c5984572151b91daf94b466fb4398ed5d16cfd6bd29bdae302d40fbe2e320e7a1584f3e2ed632b56c2aa14e190d57b1e0a","ssdeep":"96:izMM2Ca3CKFrCnWdFtAs/mnM0plim8QjoFNFxga4IHRCPU+wLcijxPFAmltAhEUj:QMgKFWWdFwnMMoFNFk2kAFIvfr","tlshash":"408132d67bb91604b50bd5a735023b573b2940039e0fdd785fe1341c9ec52e986a338b","first_seen":"2024-12-01T21:35:59.277383Z","last_seen":"2025-10-07T03:49:32.161455Z","times_seen":133,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":33,"dns":2,"connect":2,"send":0,"wait":6,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:42.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:36:13 GMT","end":"Mon, 08 Dec 2025 08:36:12 GMT"},"fingerprint":{"sha1":"F3:C7:68:20:2E:52:7F:61:4B:43:46:72:CB:A9:29:91:40:A0:5A:96","sha256":"1A:0B:E2:45:70:7A:DB:88:E8:4C:4E:DF:ED:F5:08:2F:2B:2A:CA:33:09:72:DC:80:8B:D2:7B:C6:48:3D:CA:D1"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 
40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 02 Oct 2025 12:57:53 GMT\r\nexpires: Fri, 02 Oct 2026 12:57:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 218389\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T00:31:06.921966Z","times_seen":713416,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/templates/echo/js/jquery.readmore.js","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","
protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /templates/echo/js/jquery.readmore.js HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: text/javascript\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nlast-modified: Sat, 23 Aug 2025 08:57:43 GMT\r\nexpires: Tue, 28 Oct 2025 20:52:46 GMT\r\ncache-control: max-age=2592000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\ncontent-encoding: gzip\r\nage: 466690\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9nGTJWSifLK8izqKOjVZes1k2ZpRfUoyv0wqm4C5JzZ9hQIOTkGFPnerQPdnnSdPxMW9qPIr6xbEdxFiCwVPUuosfnZADJ95Uaz6ahixgnxU\"}]}\r\ncf-ray: 989931ec381e0731-OSL\r\nalt-svc: h3=\":443\"; 
ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":3430,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (531), with CRLF line terminators","md5":"081fe3d90aad9b9f11e4b1c0569530df","sha1":"ff566498ce6f25f4a3b28c0e2bb92b6b86fea6ed","sha256":"98e825583e6fb4f7e8a65f9063fb7ea2d34aee8f9aa480dfee285ea27f4fca02","sha512":"cf242d2562e01ce001f00b847c0855d090f3c2883ede50cb65298cad502e2ae1fa6648a16eab883bdac88e2cdbe0366f4dcad0967bf3cf0e02ef979bf7f2b2f7","ssdeep":"","tlshash":"ec61f169b323f642c4a720e2705f530a663bf128835580547777dae86f7c80e7863a7e","first_seen":"2023-03-07T12:59:18Z","last_seen":"2026-03-29T20:18:02.153633Z","times_seen":319,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear 
Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"w.royal-drama.com/uploads/thumbs/029dd22dc-1.webp","fqdn":"w.royal-drama.com","domain":"royal-drama.com","tld":"com"},"ip":{"addr":"104.21.55.157","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"royal-drama.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 17 Aug 2025 21:03:52 GMT","end":"Sat, 15 Nov 2025 22:01:12 GMT"},"fingerprint":{"sha1":"AA:14:CB:C0:41:A5:47:3C:39:BD:A4:26:30:5A:2B:78:03:D1:48:D4","sha256":"B0:4D:7A:B5:B9:87:61:3B:2A:96:32:72:4E:93:A4:BE:9B:7C:05:E7:B7:62:FE:1E:FA:5F:18:30:B4:EC:8F:02"}}},"request":{"raw":"GET /uploads/thumbs/029dd22dc-1.webp HTTP/1.1\r\nHost: w.royal-drama.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/watch.php?vid=c43d4f848\r\nCookie: PHPSESSID=5b995bcde8f30de30690bededc4e63e5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\ncontent-type: image/webp\r\ncontent-length: 22488\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 23 Aug 
2025 08:57:42 GMT\r\nexpires: Thu, 27 Nov 2025 19:02:05 GMT\r\ncache-control: max-age=5184000\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-nginx-upstream-cache-status: STALE\r\nx-server-powered-by: Engintron\r\naccept-ranges: bytes\r\nage: 542133\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=76%2Ft0nqrpbaqQ10TUgOEk9jdJIMTx56Y0aYDFkU104PkILuN62%2B7%2B%2FKHYPBdNRWkyVHdF7VjnfJl2%2FZXTQG3WAyhvypFEgAhf5%2BCXeaCbh3X\"}]}\r\nvary: accept-encoding\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 989931eaffff0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Engintron","description":"Engintron is a plugin that integrates Nginx to cPanel/WHM server.","website":"https://github.com/engintron/engintron","common_platform_enumeration":"","icon":"engintron.png","categories":["Web server extensions"]}],"data":{"size":22488,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"9afdcbc8e177d9e2ef3d49c0a180b0fb","sha1":"a8c2bec3b32283dce31f0a407cd57414c0119f23","sha256":"f404329e26d42b3557791753506f14b9b43a630a591df2222dd3d4a0b4b82e36","sha512":"3d422980355533aed4cb2ebd91e7f1cc3e8679b2403d78fecd3a1beb697dd8a6c82febb9a1e92ac74a9ff753b93c012718ac48273f959d7216e151b0498802eb","ssdeep":"384:XiLoZNRO2hx1Tj1PBbtXHRRTcvY3jKNDsTLy0SLtckQmw8Vc97ip/Tb:yLofk6F5phRMY3yYXy0cm83/P","tlshash":"e7a2e16680af0e5c939f685857953cacbac1154532e392e1368cbbde411cef4531537f","first_seen":"2025-10-05T01:38:06.658217Z","last_seen":"2025-10-05T01:38:06.658217Z","times_seen":1,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-05","alert":"Phishing - Generic/Spear Phishing","trigger":"w.royal-drama.com","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-migrate-1.2.1.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.194.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:39.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-migrate-1.2.1.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-1c1f\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sun, 05 Oct 2025 01:37:39 GMT\r\nage: 4021297\r\nx-served-by: cache-lga21931-LGA, cache-osl6528-OSL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 70575, 16913\r\nx-timer: S1759628259.062176,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 3063\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7199,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7085)","md5":"eb05d8d73b5b13d8d84308a4751ece96","sha1":"743052320809514fb788fe1d3df37fc87ce90452","sha256":"1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d","sha512":"7b68a43a22a41404a2ff58e0da6a237492cad0fc3e56d216980802b4d5fb483895262a7e049340d6670002bdf899ba88c319239e60d0aae1ac31d98556b0ad6e","ssdeep":"96:tBySz91Gwyk35YrfBewIt9jKLKDs2SFNK7wIDBRANyCfVJ45NI:zySzvGw/35YbMx9jKLKD3UIDBR8VVUq","tlshash":"3fe196dc72aab5611ffa30a8503bd21b72b25aec140d95a4f08ccde5392cc5d413ab7e","first_seen":"2023-03-07T01:02:56Z","last_seen":"2026-04-04T00:27:55.941185Z","times_seen":19794,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":10,"dns":1,"connect":5,"send":0,"wait":4,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/sbar.json?key=466c21c39eb224635d18fb77ada6bdb4\u0026uuid=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b%3A2%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:40.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 
00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /sbar.json?key=466c21c39eb224635d18fb77ada6bdb4\u0026uuid=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b%3A2%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://w.royal-drama.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 05 Oct 2025 01:37:41 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3423\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://w.royal-drama.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; expires=Sun, 12 Oct 2025 01:37:40 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 06 Oct 2025 01:37:41 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 06 Oct 2025 01:37:41 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 06 Oct 2025 01:37:41 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 06 Oct 2025 
01:37:41 GMT; path=/; secure; SameSite=None\nu_pl26971262=1; expires=Mon, 06 Oct 2025 01:37:41 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 213\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 11e282a199d90cb6d79be2ca4c10e8e2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7847,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text 
data","md5":"4d53341864599ef1f902ccf066434ec9","sha1":"adb0806d190f9606f691bcc0ad8a78e280859468","sha256":"6cbc3e940f6b238074edc1fec5ae0ac856f61028cb13f6327eefcc915836f890","sha512":"77a1b548a426607869bce4af928ab487b025194d9bab5210be1068a060d83c9a8db2b4c4e14256c07a9ab59fd9b45b1e921fa3f0a7620eb50a18dfc2c239c3fa","ssdeep":"192:SEaCFQr7kF7cb5j2stniW5j2stni2K5j2stnipOaMN:RHFqgG2ss22ssd2ss3E","tlshash":"43f14bae8d6e537602a00072b5cb0d74dc02597faf84d90568d12ead58a3e33de3719f","first_seen":"2025-10-05T01:38:06.660027Z","last_seen":"2025-10-05T01:38:06.660027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":957,"timings":{"blocked":326,"dns":49,"connect":91,"send":0,"wait":305,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.historyChange-v2\u0026eid=12\u0026u=AgAAAAAAAAAAAIA\u0026h=Ag\u0026z=0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /a?id=G-T9LGLZQTB5\u0026v=3\u0026t=t\u0026pid=769623259\u0026gtm=45je5a11v9184284513za200zd9184284513\u0026cv=1\u0026rv=5a11\u0026tc=15\u0026tag_exp=101509157~103116026~103200004~103233427~104527907~104528501~104684208~104684211~104948813~115480709~115834636~115834638\u0026es=1\u0026e=gtm.historyChange-v2\u0026eid=12\u0026u=AgAAAAAAAAAAAIA\u0026h=Ag\u0026z=0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 05 Oct 2025 01:37:41 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; 
ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Fjs%2Fscript.js\u0026l=386\u0026fd=42","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://w.royal-drama.com/watch.php?vid=c43d4f848","date":"2025-10-05T01:37:41.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:05:39 GMT","end":"Sat, 29 Nov 2025 00:05:38 
GMT"},"fingerprint":{"sha1":"E2:5D:94:19:A8:E3:DF:BB:0C:81:C9:E0:EE:8B:9E:E1:F1:AD:67:58","sha256":"38:80:3F:7A:65:C5:71:DD:A6:A0:20:12:A2:CF:9E:19:28:AA:28:ED:C3:D3:FE:04:AE:C0:61:69:26:6D:27:C1"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fcinema%2Fdefault%2Fus%2Fall%2Fclose-rtb%2Fv2%2Fjs%2Fscript.js\u0026l=386\u0026fd=42 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://w.royal-drama.com/\r\nCookie: uid_id2=ddd2ec2c-9bcd-4119-aaeb-dab600adf02b:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl26971262=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 05 Oct 2025 01:37:42 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T00:31:03.876566Z","times_seen":13308907,"resource_available":true,"data":null}},"time_used":659,"timings":{"blocked":283,"dns":0,"connect":91,"send":0,"wait":92,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-04","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}
