{"report_id":"f9fb1a9a-3311-4958-87ad-5dc18a75f41c","version":6,"status":"done","tags":[],"date":"2025-12-17T18:44:56Z","url":{"schema":"http","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"172.67.148.4","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"title":"RedWhatsApp - Download the Ultimate Collection of Free WhatsApp, Instagram, Telegram, Twitter, Snapchat, Tiktok, and Youtube Mods at RedWhatsApp.com!","dom":{"size":68772,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (8856)","md5":"5ec6c3a69e00ca34cbced2f2bac21e99","sha1":"91407b5302cd02eb44fc59a2c4534bff15ce7d0e","sha256":"37f2cea17275a49b20bb7d1a4ed249f9d1316c9c6e4ef5d1fae9172abf0b2324","sha512":"e1ff71366f4694352505b63888857361d10b0511bade0b05f8f98c66787905453b370a175a465a1d60146e4300610b02eaefb6f8fa1991b2e13771a0e6c6d501","ssdeep":"768:jwihByREQzDv4yjZdapzsXsWoOoAX13z+WKntfgE9j:jwihByR5DAyjapooAX13z+WKnRgE9j","tlshash":"aa6308b1d0f4123d6d0ec3e81625765c6f59921bc8828b69b3fc46a05fc2ce6e1937ad","dom_hash":"domhash86b4d5ed00a8fd3c83d3cbd7f9657863","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"172.67.148.4","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-21T18:44:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"web.redwhatsapp.com","ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-05-21","domain_rank":0,"first_seen":"2025-08-18T17:18:23.183451Z","last_seen":"2025-11-26T13:51:02.820482Z","alert_count":57,"request_count":19,"received_data":967443,"sent_data":10765,"comment":"","tags":null,"fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Yoast SEO:24.5","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Google Publisher Tag","description":"Google Publisher Tag (GPT) is an ad tagging library for Google Ad Manager which is used to dynamically build ad requests.","website":"https://developers.google.com/publisher-tag/guides/get-started","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["Advertising"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]}]},{"fqdn":"yastatic.net","ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"domain_registered":"2013-11-28","domain_rank":3963,"first_seen":"2014-03-11T07:15:28Z","last_seen":"2025-12-15T04:37:13.374413Z","alert_count":0,"request_count":7,"received_data":1001736,"sent_data":3467,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"yandex.ru","ip":{"addr":"77.88.55.88","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"domain_registered":"1997-09-23","domain_rank":248,"first_seen":"2012-05-21T21:15:36Z","last_seen":"2025-12-15T10:25:40.535124Z","alert_count":0,"request_count":2,"received_data":451661,"sent_data":5234,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-14T22:17:32.87103Z","alert_count":0,"request_count":1,"received_data":434124,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e73aecda17aef85b6300a100806ae6e9","sha1":"d15cc4385370d4aa893cfe76c3a0e0297f7e5f1d","sha256":"fde5d3a6db7a00495d7b38ab493e7aacaf2392a703794b1caf37563b50ef6afd","sha512":"31adb611ef56722e02428f23de9b2813a67748ea0b0f0e3d711203469908e8f1bbbcc9d58960dd654c6a6f5f70507c13a7575ac2b9d5a8de00afd1b93fbffc53","ssdeep":"","tlshash":"369000a82202808222a080200f0b23802230202880a280208820200cb0c08038a200fa","size":41,"data":"","first_seen":"2023-03-07T01:02:59Z","last_seen":"2026-04-03T20:05:01.851174Z","times_seen":11486,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e1c149ef3998a8e90ebd999db6737b99","sha1":"a8dee7b7982b9570eeb8dc69061e02f3b0c8e537","sha256":"6c220608748bd3445197df81d4ae40813c1a12fe4274e1b3724ba76c2bcb8bc1","sha512":"5b9f6de896baa08cb98a4097760036e3ee95fe179dc67e34cc9a71ce2028080b3cb43aefed458907758eeaeacaba3b89de1a28e64859dec216e399246013adbe","ssdeep":"","tlshash":"0ce0e52ff74824f7e470dbc581eb502986e34c52d286b42441ce1c241bd098d02d2cd3","size":430,"data":"","first_seen":"2025-08-18T17:18:25.878037Z","last_seen":"2025-12-17T18:45:03.458388Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2c5b26ab47ffdb6026e20b4ff7ece161","sha1":"522c25002d8aad3f728a393fc0e788a9689a74fe","sha256":"f67b04a03911958c21584a236dd8e74808107912fc9d3d5264218866a43e3206","sha512":"553ebec734e135f481e28dbe859076a1fed40636bfcf3461aecf056aae76ab5adb4b1959da0f88a800927b4570667c0053f2f02a143bbe8d21f21a7a5a2d63ba","ssdeep":"","tlshash":"c2f02727b7851df3d470d9d041ea107847f60c52d695252251ce08281bd294da297dd3","size":454,"data":"","first_seen":"2025-08-18T17:18:25.879342Z","last_seen":"2025-12-17T18:45:03.459925Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yandex.ru/ads/system/context.js","fqdn":"yandex.ru","domain":"yandex.ru","tld":"ru"},"ip":{"addr":"77.88.55.88","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"58f857e8c6c595b1a32bd5d53c672b19","sha1":"66e6354a6f47d764b7b6047d87588ac514008927","sha256":"a7538e01f82769a9e28c566123c9ac696bbb0fb1c4452ca00acee9bf8d3d45a7","sha512":"d6121ce98c2235de4ae4383896bb83e0a93f722d9ac38379308fbb61cc57ea9e2ee852d327babec45addf165bc0c88c6208f208bf5642cadbaa2bbe61e233d4d","ssdeep":"6144:XE41Oh19jMk7hRl4PLXdCn7oTJtKzYicGhKDM:l41+Ul4PLXdCn7oXfO","tlshash":"319408e975a1b4f203e391e5843f160fe33b5a29741d94a1b722d8d1ac29d4f5223f3a","size":447841,"data":"","first_seen":"2025-12-17T18:45:03.450127Z","last_seen":"2025-12-17T18:45:03.450127Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b1e0fc5115a93dcff341c03123c5e73f","sha1":"6256895ad424ce32604c8916d132d39d64bf8a10","sha256":"23ccd1b784b6a09e887af9de4038a8552709cc057bc3f2c95028959abd19ac41","sha512":"261a39003ee6aaa3fddfbbdeeec6da5eaa59a81416aa7a4e7b90a05eba54744b94aa36de6f7ef4628c5c8c3e55af81ff76d0cd0fac0f13f4ab783af4518f6c3f","ssdeep":"","tlshash":"7fc02bcc221b0c7086f737408b3fb600b402323894d06931490973048d30e03d744d10","size":153,"data":"","first_seen":"2025-08-18T17:18:25.880939Z","last_seen":"2025-12-17T18:45:03.461247Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"securepubads.g.doubleclick.net/tag/js/gpt.js","fqdn":"securepubads.g.doubleclick.net","domain":"doubleclick.net","tld":"net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"0c9ed134ae3d5ffe972da2a3e59dc428","sha1":"620df222551395592e46e4c5f425cf23dcdad891","sha256":"5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d","sha512":"439231f58951b81e4a2587649aa79dbad9d39f64456569301ce3290cc5c537cea970eac765da2e60d4eb06b1d84012ce8e63b75cf5ee1c4d0742d92297946dba","ssdeep":"192:AzZ0ltIlcoaplEbajdKRFQ1A3kutlpg4m4EDac2AV7Lek8wVI+ZQkb8YkCavaun4:UqGbax07e4K22ykJUa8LHT7tBgG8h84","tlshash":"c1421e193af369ba55a3f0af0b6f510ab13888533d0df9407d6c92195f8d82d82f17e9","size":13104,"data":"","first_seen":"2023-04-05T04:46:03Z","last_seen":"2026-04-03T20:20:54.261868Z","times_seen":124218,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FX41G9V0BS","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"94b4588f372af5c9d59282048dc342b1","sha1":"f9beaca4f0664ff81461b1247c012c69a64f03dc","sha256":"7645ac51b8c283eb83909754525f02b7d86228d82d633ae61c970ab4e0051e26","sha512":"d8464c44b262dfc029034651ac711a3d64a5a937d70f8940fa630faa9d79ea82714bc00172403d5252645fad0d69333258b670777fa999c0efe950dda66794ee","ssdeep":"6144:D2Ie7ma2bulKY/1u99xHDmHYmyBFzvnsyRO6jJWoNPad4FpC1xY:TC8bu7/1mbrnsy39WbMpb","tlshash":"fe941ace73c674269396e078503f118ba57b29e2b45cc896f189cce42d74a9a4237f7c","size":433520,"data":"","first_seen":"2025-12-17T18:45:03.446195Z","last_seen":"2025-12-17T18:45:03.446195Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/885f2f1db6aa52089d50.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"aeffa811f13db31db553d463f76e317b","sha1":"5c664652556de603535d03d867be0048a892ec28","sha256":"0fd06e497f64d0c2c40ee30f087abf8ee53bf403a9b77b87185a72af5c21d2e9","sha512":"6cb9cd350351098746dc80385ca9d9531e91b6cda5f437dd653fa2efe89d75203d79884b353766a5615f88d6d56b3aae1da210d35bc2085dfca2c3ca4e9d0e6c","ssdeep":"192:VwtKXSO2dyacdF+mmFyZ0BUJV0gANkwNiWiN8XNVVSfMQniuv0bbjLIFTcueIlby:VwtKCOkydF+oVIbiHMyhvADhl","tlshash":"f97208fd7520b0205bdf30b6627f191ff378292e644c84a06706edfa29b491e5193fa8","size":16372,"data":"","first_seen":"2025-12-17T08:10:30.193422Z","last_seen":"2025-12-18T07:08:28.894012Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/bd2289ae9367c68b9f53.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"60286b15ed92b907813635ab587670d2","sha1":"86f3e83fe3d051d8f3cfbc00dda468f7ec6e3dff","sha256":"c562b9a60e5bc6f527619b044a4d4d4b7a89cb894cb16444911c73a88be602fe","sha512":"489e5715cd298b3dd652396d1e39420985279dd13838a7bfb779c0369726253ae0053f0e44242e65b625b3e25400210c0908dda1f279c30f60f90b7bb6602a0f","ssdeep":"192:lwIIpb2spjlpQ7YX0lQsm+24OHKTXVEUHXSLe7trVfcxY9u4FdHN3vgfye/K193Y:lwvx2+lpQMXZ+2tHKTDSrxY9P6fyH4R","tlshash":"f962f79974d1b4a517db20bb413f150ff3b9a839684d80a0f222d8e97ef885c8167f6c","size":14938,"data":"","first_seen":"2025-12-17T08:10:30.092769Z","last_seen":"2025-12-18T07:08:28.912753Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/e229b9a54e91db77ca32.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"0adf15fed6fa56776547a744f5298839","sha1":"826a240aa3ad68951f5815b83d673d6e218b254f","sha256":"114deb46503fc49deb7582c53d9e9f486d07d0c5d7d936af83a32e2dc0bb6b85","sha512":"746f046366c47cac42428729dd630c8ed122bcd030fb860ce0e341e625a8bc4af583f22a2f425424d2176556d3eba55a1d2ce67eca10648af5b470f9d7745afd","ssdeep":"768:1axBshVVNu+NSW/lQSuZqyWEDVPmBD93yjDUSp0Bpnr2nAY17h8q:MxBqy7ZqrZBDNhBF6AYxWq","tlshash":"6b73ead97595b9ba02c3d8f1443f220ee37b9611711a6580b323dac1ec25adf5223e7e","size":75241,"data":"","first_seen":"2025-12-17T08:10:30.133521Z","last_seen":"2025-12-18T07:08:28.900897Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/safeframe-bundles/0.83/host.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"2435549eac66915d7464ee7b9efce038","sha1":"e390598fb192583622a8ea079d5c96dffdb34fb5","sha256":"34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55","sha512":"42a25f058316e5e947ba3149b56c81fd0e82f21d4b8109ef4fc529509d54235a0c0d7dd6212e381129b46ca72d81c4ae9e58cfae87557587727bf290fa1f3f09","ssdeep":"768:uKbdR7ii7FI+06HhV69ztBLEankCqH1UKW35V8tFOzbZ51QtD8JFtEDv/eKzS6Ei:TR3gKCzF5UEad","tlshash":"cee2a78e3295b43703c760f4903f210d65771d28a45a8894fa6bd4e23e7a84f527bf6d","size":33703,"data":"","first_seen":"2023-03-07T01:02:46Z","last_seen":"2026-04-03T20:05:01.750933Z","times_seen":22852,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/ebbece0a8aceeb1ababe.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f87d6d30d53588a7cddda8b819ee2339","sha1":"3cc09b33c4dad28ebce642d06e381bfa91dd1d87","sha256":"dcfe93942d2e27b31125cc5e3bf2d5984045c87c5da5fc8a4f45e6b7730f99e8","sha512":"937aa0e7ef4fd7f49b2066c04ba9147f2109b147e51a48101ddb3bd0bc1faf7982d01c0f59538f959c496bb1e0d981948765298d8af4306a2f319555323a3dd8","ssdeep":"12288:pnzBEBDie5hG9Ym9IKWBv1ndhcvwQYHS0lOd23nhB74hNp1:oDh5hG9Ym9IKWBv1nYvwQYHS0lOd2j+F","tlshash":"6ce4f8d9fa5170b542e790e9c03f160ea23f751a700980e4b766ede26c74a8e6123f7d","size":700834,"data":"","first_seen":"2025-12-17T08:10:30.194253Z","last_seen":"2025-12-18T07:08:28.89478Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/sandbox%20eval%20code","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"","is_inline":false,"md5":"fb4eb094524daea58bf7f82331598541","sha1":"f5ca39eb98fa1685f8647514a627d3d7f216f7ef","sha256":"7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683","sha512":"316e84930b062a939f8ae6e0f256bf68257e8c01b0f56f499ccf557628a1fdc99258a069b0e11aa956b96109ccc6fd63225f13191abf42ea4f36b89485c66ba4","ssdeep":"","tlshash":"f4c02b63f77025dd1f183ab07511600363c6eb044bb74002f006003f5440fb519b80a4","size":136,"data":"","first_seen":"2023-04-11T21:23:25Z","last_seen":"2026-04-03T20:21:47.437862Z","times_seen":134756,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6e2861f49b39dd6b62d83b72d5ad736e","sha1":"1155850f38d87504b8c585e89aab86986f47e2fe","sha256":"a26d4b04992b2d2498c0c5f785d2fcd901aefa677e23e601ea8f4274717e0ac9","sha512":"5ffdba4ea78482ec6562088158afd197ae18a1550353e857148c7141f4e1764009c6ff58d0b8bfe7e120af30abbc1995ebe1cd3bac305c441ae9c4c6a1a7ad9f","ssdeep":"","tlshash":"4bc08cabf7e038b203b2505048ac0c162a61024b4b8d88457b0c701f2bfc49a1aeb2ee","size":163,"data":"","first_seen":"2025-08-18T17:18:25.881932Z","last_seen":"2025-12-17T18:45:03.46387Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/themes/RedWhatsApp-2024/assets/js/main.min.js?v=1.1.11","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fbf5fd74ac11ecda50a91fd66ce6859e","sha1":"114bc0a09df69f9a273a0fee4f44b563baa9092d","sha256":"8b40f6e3ea5ff5fbd8f723706ece1ebca084ac4404632d848eb2079666f8a411","sha512":"8b3340e4bc5c84c05729d8bd62905512fa2758516fe755be5b3548558cc06e891a2bd05f59ed4bda9c188edbbd2a41e0dcb3b445f95a1b4e396471cba81d8588","ssdeep":"6144:SAIy6PuloluPQ47GKVP5L+c8R4r5ahjYkPYgsuYbD3qRRO8iJCWBfHf2hPrbKBTG:SAIPuylu5PfJre2Q","tlshash":"7d442acdb280703247ab60b5917f510ff2376859a40a8054f56cd8e92dbce89627bfbd","size":258417,"data":"","first_seen":"2025-08-18T17:18:25.866234Z","last_seen":"2025-12-22T19:16:37.189559Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/2c2744783ab10d69cf03.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2c0de10e7644075949440fa11ffac38","sha1":"107b9b87289de396e3dd9eb63640dd80273e7e19","sha256":"d47e99736d98e641fde89c15714ff70eebd033d3f2d2d9ab4891bb24a48300e0","sha512":"e0366791646b3dc1ca7a957e4ab486c7b1eb00423f04e69bea0529cb305fce4e1662be2c85797292dd2864988cdeb7e049e847fd4f2b1a2aedb54e9c784982b4","ssdeep":"1536:A0Qh3OPDzoTE1T151SzBhNBSoZCM6yQNA4liPOgGUg6:ABYPQTE1Tv1wNBvZ/6ysi7","tlshash":"06c3f788f59274b502e790f8913f6a0ab33b5429702584f4b76deef19e7490e5122fbc","size":128355,"data":"","first_seen":"2025-12-17T08:10:30.117068Z","last_seen":"2025-12-18T07:08:28.905303Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2023/01/youtube-thunder-Hanif-2023-150x150.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2023/01/youtube-thunder-Hanif-2023-150x150.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:12:44 GMT\r\naccept-ranges: bytes\r\ncontent-length: 13213\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6QYgfl3dMcl8WcoZZvTAvDoEhWeMJ6d%2FB%2BF3Hl4Gq6r4Y3ebNgdvg6Ocd5m6ewrQdeSKyTfBPPe6yvyaADNoqg9fz%2BVg7u2Q2le7Glh1Dr3Z\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af89292fced0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13213,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"0704d99afc25c2835ca301be998044ca","sha1":"660dc129a3cc5eb27b07ad60b37d09ddc712a883","sha256":"bf8eec7b4835ad1f97ae14ba4fec5fa0cb62cbbc0469c99d4f88756213ce3131","sha512":"b02f1fbc6cbf073b2223b547cf4aa052139781813b1fe401dded1268ffde96a1ae448832ee5fa8893eb7376d374e0264a6071d754f36d1dfb09a6a9c89653c52","ssdeep":"384:MUBhvM6ogRoWCT21diSaYZaWWhR6HuGEtcmVM0y:DRhC7WWr6OLcmvy","tlshash":"9a52cfddfbc30209f44d25136105870b8e9a3565e9f07225d438c177766bb8f429bce9","first_seen":"2025-08-18T17:18:25.839416Z","last_seen":"2025-12-17T18:45:03.42186Z","times_seen":3,"resource_available":false,"data":null}},"time_used":888,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":887,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/07/Moviebase-3.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/07/Moviebase-3.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:44 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6186\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C6bfJrzzVyrVC2AtnEOWylUEi9rvtQKeX%2FdL7nlScKA1JsPBz%2FPMnp4r8K4ZxjJqguSJC%2FZaYuIkWz0aD75DXCiwcwMWKSO3DR0ZHSAfzvgt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af89292fcee0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":6186,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f2cbd014711af2ca6bcf36602d5aac67","sha1":"12f01381b0aa592424ef1039b1483fbdedead961","sha256":"d9d2e3225c2f6a0e26a10bcb3a053058d8f8481acdbb023139277314d565fb8e","sha512":"9a42e4b6adcaecf00d63bb9e705dd278952201ec1330c01e8989f260fed7d5ec39c9f6b57ef3b6f1ef843b5a28378a1916ff2c0077b47485a0cb0eeb6e3d1302","ssdeep":"96:MXmUWVCYqF/3LduPnLsUXSmkz4mlND9izNhZV+Iea+JppSQQRcF4:hUgCYQ7WnLsaSmRqoZ6aWoI6","tlshash":"f2d19f49e3692e8c9c6a64d4bc8cf8fa3c3610dfd467bab54c5370d04cca22c5265c9c","first_seen":"2025-08-18T17:18:25.867348Z","last_seen":"2025-12-17T18:45:03.423231Z","times_seen":3,"resource_available":false,"data":null}},"time_used":666,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":666,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /s3/home/fonts/ys/3/text-variable-full.woff2 HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://web.redwhatsapp.com/\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 26004\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\nvary: Accept-Encoding\r\nx-amz-meta-owner: {\"role\":\"admin\",\"login\":\"4eb0da\"}\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\ncache-control: public, max-age=31556952\r\nlast-modified: Mon, 25 Apr 2022 14:02:39 GMT\r\naccess-control-allow-origin: *\r\nexpires: Fri, 18 Dec 2026 00:33:28 GMT\r\nx-nginx-request-id: 7985e09fb1c0841c\r\netag: \"7f0cdaf91230f9789ca4162aedff612e\"\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\ntiming-allow-origin: *\r\nx-strm-log-split: 3\r\nx-request-id: 1bb404c34de14516\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26004,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 26004, version 1.0","md5":"7f0cdaf91230f9789ca4162aedff612e","sha1":"965de571aa794dab64076c3cc64dc8894b843f23","sha256":"033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9","sha512":"444460846fa2bfddd7990c792c6fd8389c564b5c967b5cc10fb3717117c5424fa33f23f8c4cffefad176016a79be5557920908cc82f7942700a0fac71eefde36","ssdeep":"768:cBrkn2SWY48o/bS/qDzWhKnxy03RQD1K4Gzs:cBrKS8o2kKKxyKQD1K4Gzs","tlshash":"37c2d0a5e7112b92c93556a4f6cb4849bc25b0532c56f3825fa9af80344be8357efc3c","first_seen":"2023-04-05T11:29:19Z","last_seen":"2026-04-03T20:05:01.847111Z","times_seen":21567,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":58,"dns":1,"connect":13,"send":0,"wait":15,"receive":4,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yandex.ru/ads/meta/14218925?target-ref=https%3A%2F%2Fweb.redwhatsapp.com%2F\u0026pcode-version=1303351\u0026pcodever=1303351\u0026comboblock-unencoded-vast=1\u0026ad-session-id=1338841765997075970\u0026target-id=46388873\u0026pcode-test-ids=1387855%2C0%2C30%3B1417626%2C0%2C59%3B1447439%2C0%2C57%3B1436999%2C0%2C62%3B1440155%2C0%2C54%3B1353317%2C0%2C18%3B1451289%2C0%2C90%3B1442331%2C0%2C93%3B1449507%2C0%2C37%3B1360192%2C0%2C9%3B1431900%2C0%2C77%3B681842%2C0%2C37\u0026csrf-token=897627ff77d041bfac1cab19ea86cbdd9e750906%3A1765997075\u0026pcode-uid=2510911041765997075\u0026pcode-flags-map=eJy1ld1P2zAUxf%2BXPAPKdwhvrn3bWBjbXDsp1YSuGFTaAwOkdR8S6v8%2BpUm7pYVm07S3KMnv%2BNyTY%2Bc1WDBnnWcTBQ1gcPHhNfh29%2Fh1GVwE0VmRJmdRkuVZcBKsll9W8qG9nWZRUcbB%2BvYkaJijDqYG0EmjhwpJGOXn%2BYBO0iLNzne0MjPiRnvQnkSNzEujyQJy0H6oNVSJizDvPDhnqZECTGtBTiXvNOSVRXAHlpY%2FXobDpGmcdnaEdJtJBDiPZkFw4wE1U8QRmJcNEBNUO0DiyjggaPY9HoqXcZEF65ORV7pBNMzJXUpL3lzC0PX9y%2Bd9ahvi1jVC3V0w4cZMbVkmpuaGrmuoW17UHH4no3eo9rMhcKZ4rZhvyesanKcr8JURNDVIc2TWAlKN6riXLMzSbKNquREwUqYkyaKDKub5hge9IS3CRAqaMK0ByRon%2FWgFoiKPj4g00smJVNIvaDv0%2F5GkufQVOY5GjcT2D%2FLSbZ4q%2BNMVemmPjF9KPSNLwO3VsJ6rx72KFWlSvknzv6K7giIgaAFIU2UMst2YQiJwf1wrycuy0%2Fq1tWjGfLXdxm5EIA2jrGtoxayVGpwjV2MDC5J8rwaf7p4ehsdUliRR0QVhnG%2FXZB5mBhdvV%2FNg9SyKz7dRKDYBRaYB7AMY2eZxkkTvodQeNhWwNtW5FL4aCWGnVTsg3Z%2BG3jNekauYMPNu20sxg7E8yyzsEullurO777Eyxh7lkzyM%2Bp9P%2FxW4AqZpDpMB9%2FR8%2BvyyOr1%2FXN49nX5fftxrRVSGYbC%2BXf8EB%2FIGNw%3D%3D\u0026pcode-icookie=Bb07LUbBRVkoFANr6KYkfX75XeXg%2ByeqG6gxTIArs6eftLZqfAtzcrsyfT%2B1QSiM%2FbAzXzo9mlSP4gEL%2B647H7IQCDA%3D\u0026disable-base64=1\u0026imp-id=1\u0026ecma-version=es2017\u0026same-node-hit-number=0\u0026test-tag=452449034829826\u0026tga-with-creatives=1\u0026top-ancestor=https%3A%2F%2Fweb.redwhatsapp.com\u0026top-ancestor-undetermined=0\u0026layout-config=%7B%22win_width%22%3A1280%2C%22win_height%22%3A1024%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A-1%2C%22isInIframe%22%3Afalse%2C%22w%22%3A1280%2C%22h%22%3A0%2C%22width%22%3A1280%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A0%2C%22top%22%3A0%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A0%7D\u0026grab-orig-len=2128\u0026grab=eyJncmFiX3ZlcnNpb24iOjJ9ChKkppAkx-8B1KPAuE3SxKge5bct-dKJIkWyZZ0Icm056Sjr1m9rcAEF4hUNbseW_lpPT4F33Q7nMQ4yD-Xw3ewMHt_95fH4eebxPFDvgXBXLqi2veMNsdH7aMvb2f0NcuTprPwbuY3xfp6t78beSPV_a4KxN7he8mLV5WBvhB-vQ9Jnzl-xN2Jftn-STncyc2Ni79W9DUizshX85jav7JU3-eyR3xzA-RJjRr7zee2-nIck9b74ddppdOn2W8_fMyQpfs8jlfD4EqNSQfOoPL43GdsfqxRI0oAVj8ly8y4zv9QowVdyJbp76ru4y2v0uDibPWnvxbnZpvDYkCAlXZYaWLPfZi9mj6ftdbz3-GQ4JfavzKZ4N9QkuMLNPtEx_dPYcXlnBm142wli8XZqHCb4YB24ydtorHYCliYiPy3HqU8pr75HT20s2-ZLVmol5PH7Usd0aPGycjMWn8Zttoaq9t06_TFvCQ88GC4EY3sCMTRRORxEiqbEuk9JbjdpE84wuD8A5jgOPRaJxbeJ3aqjyU0Q19mqvktSxtltK8es2iybkHp8PX73TiGwcr7vaknNfR-gnrEEWZyTKzGkHvRtVGFpfGJdI22kXJmV1S9DMDt2joUkirXRT985FYqUEYsuI82sNZoW3_Gqv05W0UOe6ItBq-l010v33iM_X-Js27T7-cEd78Dv1UK4F9IvaGyO7XoRWKmkn7vCqaIoj8Mi8DjCR9yAXpyUvDnt4JQbLqIka8MbKd76p6U8-Pn0i6D6uiA4WTdqRZp-tVhXfkwTmjZiQZoshG0yooI1xlf2uHK50_O-X0wFo_nM7aY7bbtdCi7Vcf2x8mT8To86APEpE1_eqAuJZtKOi1tnZ-qhI9VeacIvFrSCYMJSEHOOXK3uJ1emB27yiQjJJyK4qfV6JXGFJF9y1hjEYkzQYvn-l5L-aC_1ksbjnav-OAfIEERiviQpwCgVGunoWFwUTaraC3TjeauzTCdHYM-GQMt1baRf2UqPJuOdFLZg5wcAdWZuY8wPVnlFLo0ViRU-tFAMpYfm1Cuy5WyQPeX1PdybgfXN8G36f9RW3-hZmSNjYEYixZ8swj0ZT5-MbAWrN5XCsFGsclTbUhT5L5riF8bExLGtePxilYB31GQn6GuOzV1MBZywKMKIsBR_cBjifDCe0nLAaI5YCFGZK4fiUKj4mTHQcN4Yj_8MFlFlV-_OOuEJ_mtJRA78-m-I-y8e_xd1VpRqFVcRxhUzwowESjOuGCIc24qvb0bM009UZYOSzG6VQqdR5rvoQqWpNiEO1xhv3fHYoK161QJs1X9HCToOlsKOWISG88R4emSAwXGgHlMnUtg7Y-Auja-XBv9XDZRGTahWUMnAhlEojEJRhI6uND1HiM8sqw7TUQoPMiH63afL9J4gah99eqwHosh9UI36d_cuO97IVyRWq_MLkEP3E2jRJdTKFWpBFWotLqCMehPUQFPY5CECXdq1-LANbkwnVPOG-OWKsQl4ZvzoPiEWwL87_aHmSYato7TGLOcs2V-_-y-jxilYFTLrH7k505fLBI7V520y8HVl1joEz5JF-2l3Mjx2bqOcWkeafcnG5YL_NbJ7nWe5OFvuOgo02MWYLJnEOvfYeP_YE282OTXP-VpaP5oVcJkkneO23Fh12S5VRs3Xduz6kbFmllHvCK0NGXlZ-CPHtc0Zi3qBfgzJzK3KqGUQunmNYVACI0HGJM7ASihht5ZhNy3RzaKSjcmRdwSGZYwhibAFkRRobbPgEDOuW0EixgiAnRgjhAFnHmR5tjU2osF_qrOOLe8KyExLkskIqVmJisOMhAq6EFmTqGoI7jsPV-WIWSZxkchUhJJ96LE7oarcqEGz8hUaWKquiSfqDDllxCdRhq0vuB0Rsh_YAFklTzZVs_DQdFIHuzR_rpFwQJeB0QsjQMW4Oe5s3p47-5D3LUhxLxLv7m5_bou68-w6N40WfNYh3ImOHlm9aWA52wWyRCIKhcG3yG-RxZQYY9kw4FKSeXg93lixtypTA-I7HKMGsrizeai3FlS6diJblK-M89rIzaZW01ogFIcCUiCJk8-rWgqkoFDBDKCES0wgKgP4\u0026uniformat=true\u0026callback=Ya%5B6559734507094%5D","fqdn":"yandex.ru","domain":"yandex.ru","tld":"ru"},"ip":{"addr":"77.88.55.88","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:36.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yandex.tr","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign ECC OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 26 Aug 2025 08:03:35 GMT","end":"Mon, 23 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"7B:FF:02:81:48:EF:11:E9:F6:FD:BE:76:15:A5:57:2F:B5:AB:4D:B8","sha256":"CB:F2:F4:82:42:0E:5A:DA:F9:FA:58:F7:47:D8:16:57:DF:1D:5D:62:E0:76:47:38:38:20:65:93:68:B1:24:F8"}}},"request":{"raw":"GET /ads/meta/14218925?target-ref=https%3A%2F%2Fweb.redwhatsapp.com%2F\u0026pcode-version=1303351\u0026pcodever=1303351\u0026comboblock-unencoded-vast=1\u0026ad-session-id=1338841765997075970\u0026target-id=46388873\u0026pcode-test-ids=1387855%2C0%2C30%3B1417626%2C0%2C59%3B1447439%2C0%2C57%3B1436999%2C0%2C62%3B1440155%2C0%2C54%3B1353317%2C0%2C18%3B1451289%2C0%2C90%3B1442331%2C0%2C93%3B1449507%2C0%2C37%3B1360192%2C0%2C9%3B1431900%2C0%2C77%3B681842%2C0%2C37\u0026csrf-token=897627ff77d041bfac1cab19ea86cbdd9e750906%3A1765997075\u0026pcode-uid=2510911041765997075\u0026pcode-flags-map=eJy1ld1P2zAUxf%2BXPAPKdwhvrn3bWBjbXDsp1YSuGFTaAwOkdR8S6v8%2BpUm7pYVm07S3KMnv%2BNyTY%2Bc1WDBnnWcTBQ1gcPHhNfh29%2Fh1GVwE0VmRJmdRkuVZcBKsll9W8qG9nWZRUcbB%2BvYkaJijDqYG0EmjhwpJGOXn%2BYBO0iLNzne0MjPiRnvQnkSNzEujyQJy0H6oNVSJizDvPDhnqZECTGtBTiXvNOSVRXAHlpY%2FXobDpGmcdnaEdJtJBDiPZkFw4wE1U8QRmJcNEBNUO0DiyjggaPY9HoqXcZEF65ORV7pBNMzJXUpL3lzC0PX9y%2Bd9ahvi1jVC3V0w4cZMbVkmpuaGrmuoW17UHH4no3eo9rMhcKZ4rZhvyesanKcr8JURNDVIc2TWAlKN6riXLMzSbKNquREwUqYkyaKDKub5hge9IS3CRAqaMK0ByRon%2FWgFoiKPj4g00smJVNIvaDv0%2F5GkufQVOY5GjcT2D%2FLSbZ4q%2BNMVemmPjF9KPSNLwO3VsJ6rx72KFWlSvknzv6K7giIgaAFIU2UMst2YQiJwf1wrycuy0%2Fq1tWjGfLXdxm5EIA2jrGtoxayVGpwjV2MDC5J8rwaf7p4ehsdUliRR0QVhnG%2FXZB5mBhdvV%2FNg9SyKz7dRKDYBRaYB7AMY2eZxkkTvodQeNhWwNtW5FL4aCWGnVTsg3Z%2BG3jNekauYMPNu20sxg7E8yyzsEullurO777Eyxh7lkzyM%2Bp9P%2FxW4AqZpDpMB9%2FR8%2BvyyOr1%2FXN49nX5fftxrRVSGYbC%2BXf8EB%2FIGNw%3D%3D\u0026pcode-icookie=Bb07LUbBRVkoFANr6KYkfX75XeXg%2ByeqG6gxTIArs6eftLZqfAtzcrsyfT%2B1QSiM%2FbAzXzo9mlSP4gEL%2B647H7IQCDA%3D\u0026disable-base64=1\u0026imp-id=1\u0026ecma-version=es2017\u0026same-node-hit-number=0\u0026test-tag=452449034829826\u0026tga-with-creatives=1\u0026top-ancestor=https%3A%2F%2Fweb.redwhatsapp.com\u0026top-ancestor-undetermined=0\u0026layout-config=%7B%22win_width%22%3A1280%2C%22win_height%22%3A1024%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A-1%2C%22isInIframe%22%3Afalse%2C%22w%22%3A1280%2C%22h%22%3A0%2C%22width%22%3A1280%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A0%2C%22top%22%3A0%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A0%7D\u0026grab-orig-len=2128\u0026grab=eyJncmFiX3ZlcnNpb24iOjJ9ChKkppAkx-8B1KPAuE3SxKge5bct-dKJIkWyZZ0Icm056Sjr1m9rcAEF4hUNbseW_lpPT4F33Q7nMQ4yD-Xw3ewMHt_95fH4eebxPFDvgXBXLqi2veMNsdH7aMvb2f0NcuTprPwbuY3xfp6t78beSPV_a4KxN7he8mLV5WBvhB-vQ9Jnzl-xN2Jftn-STncyc2Ni79W9DUizshX85jav7JU3-eyR3xzA-RJjRr7zee2-nIck9b74ddppdOn2W8_fMyQpfs8jlfD4EqNSQfOoPL43GdsfqxRI0oAVj8ly8y4zv9QowVdyJbp76ru4y2v0uDibPWnvxbnZpvDYkCAlXZYaWLPfZi9mj6ftdbz3-GQ4JfavzKZ4N9QkuMLNPtEx_dPYcXlnBm142wli8XZqHCb4YB24ydtorHYCliYiPy3HqU8pr75HT20s2-ZLVmol5PH7Usd0aPGycjMWn8Zttoaq9t06_TFvCQ88GC4EY3sCMTRRORxEiqbEuk9JbjdpE84wuD8A5jgOPRaJxbeJ3aqjyU0Q19mqvktSxtltK8es2iybkHp8PX73TiGwcr7vaknNfR-gnrEEWZyTKzGkHvRtVGFpfGJdI22kXJmV1S9DMDt2joUkirXRT985FYqUEYsuI82sNZoW3_Gqv05W0UOe6ItBq-l010v33iM_X-Js27T7-cEd78Dv1UK4F9IvaGyO7XoRWKmkn7vCqaIoj8Mi8DjCR9yAXpyUvDnt4JQbLqIka8MbKd76p6U8-Pn0i6D6uiA4WTdqRZp-tVhXfkwTmjZiQZoshG0yooI1xlf2uHK50_O-X0wFo_nM7aY7bbtdCi7Vcf2x8mT8To86APEpE1_eqAuJZtKOi1tnZ-qhI9VeacIvFrSCYMJSEHOOXK3uJ1emB27yiQjJJyK4qfV6JXGFJF9y1hjEYkzQYvn-l5L-aC_1ksbjnav-OAfIEERiviQpwCgVGunoWFwUTaraC3TjeauzTCdHYM-GQMt1baRf2UqPJuOdFLZg5wcAdWZuY8wPVnlFLo0ViRU-tFAMpYfm1Cuy5WyQPeX1PdybgfXN8G36f9RW3-hZmSNjYEYixZ8swj0ZT5-MbAWrN5XCsFGsclTbUhT5L5riF8bExLGtePxilYB31GQn6GuOzV1MBZywKMKIsBR_cBjifDCe0nLAaI5YCFGZK4fiUKj4mTHQcN4Yj_8MFlFlV-_OOuEJ_mtJRA78-m-I-y8e_xd1VpRqFVcRxhUzwowESjOuGCIc24qvb0bM009UZYOSzG6VQqdR5rvoQqWpNiEO1xhv3fHYoK161QJs1X9HCToOlsKOWISG88R4emSAwXGgHlMnUtg7Y-Auja-XBv9XDZRGTahWUMnAhlEojEJRhI6uND1HiM8sqw7TUQoPMiH63afL9J4gah99eqwHosh9UI36d_cuO97IVyRWq_MLkEP3E2jRJdTKFWpBFWotLqCMehPUQFPY5CECXdq1-LANbkwnVPOG-OWKsQl4ZvzoPiEWwL87_aHmSYato7TGLOcs2V-_-y-jxilYFTLrH7k505fLBI7V520y8HVl1joEz5JF-2l3Mjx2bqOcWkeafcnG5YL_NbJ7nWe5OFvuOgo02MWYLJnEOvfYeP_YE282OTXP-VpaP5oVcJkkneO23Fh12S5VRs3Xduz6kbFmllHvCK0NGXlZ-CPHtc0Zi3qBfgzJzK3KqGUQunmNYVACI0HGJM7ASihht5ZhNy3RzaKSjcmRdwSGZYwhibAFkRRobbPgEDOuW0EixgiAnRgjhAFnHmR5tjU2osF_qrOOLe8KyExLkskIqVmJisOMhAq6EFmTqGoI7jsPV-WIWSZxkchUhJJ96LE7oarcqEGz8hUaWKquiSfqDDllxCdRhq0vuB0Rsh_YAFklTzZVs_DQdFIHuzR_rpFwQJeB0QsjQMW4Oe5s3p47-5D3LUhxLxLv7m5_bou68-w6N40WfNYh3ImOHlm9aWA52wWyRCIKhcG3yG-RxZQYY9kw4FKSeXg93lixtypTA-I7HKMGsrizeai3FlS6diJblK-M89rIzaZW01ogFIcCUiCJk8-rWgqkoFDBDKCES0wgKgP4\u0026uniformat=true\u0026callback=Ya%5B6559734507094%5D HTTP/1.1\r\nHost: yandex.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nlast-modified: Wed, 17 Dec 2025 18:44:36 GMT\r\nx-content-type-options: nosniff\r\npragma: no-cache\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 100, \"success_fraction\": 0.001, \"failure_fraction\": 0.1}\r\nx-yandex-req-id: 1765997076304740-14847756905087692375-balancer-l7leveler-kubr-yp-sas-131-BAL\r\nx-ads-loadaverage: 0.242424\r\ncontent-encoding: gzip\r\nx-ads-queuetime: 0.042000\r\ncontent-type: text/html; charset=windows-1251\r\nx-xss-protection: 1; mode=block\r\nx-ads-loadaverageonarrival: 0.272727\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 100, \"endpoints\": [{\"url\": \"https://dr.yandex.net/nel\", \"priority\": 1}, {\"url\": \"https://dr2.yandex.net/nel\", \"priority\": 2}]}\r\ntiming-allow-origin: *\r\naccess-control-allow-credentials: true\r\nexpires: Wed, 17 Dec 2025 18:44:36 GMT\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nx-ads-degradation: 0.000000\r\nset-cookie: bh=YJT0i8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.ru; Expires=Thu, 21 Jan 2027 18:44:36 GMT; SameSite=None; Secure\ni=YWM7fbq7KGDQ7bcdvzrozSo/ApB3SkyAUXM3Z+0MWij5xTsey0qFRrkfw2vUrYEoCn349/JWelpr1Wi3cfaSLhs3OG8=; Expires=Fri, 17-Dec-2027 18:44:36 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=3876923751765997076; Expires=Fri, 17-Dec-2027 18:44:36 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None\nyashr=983394781765997076; Path=/; Domain=.yandex.ru; Expires=Thu, 17 Dec 2026 18:44:36 GMT; SameSite=None; Secure; HttpOnly; Partitioned\nbh=YJT0i8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.ru; Expires=Thu, 21 Jan 2027 18:44:36 GMT; SameSite=None; Secure\r\naccept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-Viewport-Width, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width, Sec-Ch-Viewport-Height\r\naccess-control-allow-origin: https://web.redwhatsapp.com\r\nx-ads-service-name: yabs-server.partner.meta\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":31,"size_decoded":0,"mime_type":"text/html; charset=windows-1251","magic":"exported SGML document, ASCII text, with no line terminators","md5":"c18ec38b5f1bf40436b27d4c26b2773f","sha1":"92c185043fd70b3799ad9445d8db0611439e809c","sha256":"102bc15a0d33bfa2c395de4283eb0aeb6e949d5cd2a150b4de21d0a09b6a9679","sha512":"adc6b11c2d4c57a99e16e2a12a8c6fcbd9ef9016e532c02f677d1b7c3ee2408f1be149186f0c21f6d17265b109d57d3ca795b6f351ffd90c7e8908d0fe35fe8a","ssdeep":"","tlshash":"8e80002c2c20a320aa80c82ab8c0820e8eb088880083a020020830ceaa0ea208c8082a","first_seen":"2025-08-18T17:18:25.864126Z","last_seen":"2025-12-17T18:45:03.425084Z","times_seen":6,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/08/ultimate-thumbnail-maker-150x150-1.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/08/ultimate-thumbnail-maker-150x150-1.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:48 GMT\r\naccept-ranges: bytes\r\ncontent-length: 3374\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tZg%2FMjvVeY3D%2FjHY%2BatCSTMaW6hxH6U%2BjYRaDdZRaS2NfSK5NRZLGxtOkFZTFzASjXHHE1Ln9qf8cmVeZQ1sfe29ijFYmQ4yGQ8Hsy8B7BFW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892930cf10b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3374,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b656d502f9fd1611e9bb24cf9d399718","sha1":"a47cdc4153499d4e7494b8867c25dc95edf18dec","sha256":"d297d666bbb13030d8004b3de68371751a7dad963643d30aa342cfbf0ef7345c","sha512":"a57053c0e4036c87b1956c45471e4b8366d4d68edf8eaff4555950a3069094e53e44835bd4f64023a96bb3e3ee6bcdf8ae3764756df32e63efc1a9732e832f97","ssdeep":"","tlshash":"49613b34460ddc8e930ade6acf69a404b15f1d804553db1a110bc9776d885fb6092ad9","first_seen":"2025-08-18T17:18:25.830871Z","last_seen":"2025-12-17T18:45:03.426228Z","times_seen":3,"resource_available":false,"data":null}},"time_used":654,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":654,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/ebbece0a8aceeb1ababe.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /partner-code-bundles/1303351/ebbece0a8aceeb1ababe.js HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 134711\r\nvary: Accept-Encoding\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\ncontent-encoding: br\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\ntiming-allow-origin: *\r\nx-robots-tag: noindex, noarchive, nofollow\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\nexpires: Sat, 18 Dec 2055 01:19:47 GMT\r\netag: \"8b9a5f53dc082cf44ffc1ae7168f1261\"\r\nlast-modified: Tue, 16 Dec 2025 15:46:18 GMT\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=946708560\r\nx-strm-log-split: 9\r\nx-request-id: c0947852cd9bcff6\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":700834,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65496)","md5":"f87d6d30d53588a7cddda8b819ee2339","sha1":"3cc09b33c4dad28ebce642d06e381bfa91dd1d87","sha256":"dcfe93942d2e27b31125cc5e3bf2d5984045c87c5da5fc8a4f45e6b7730f99e8","sha512":"937aa0e7ef4fd7f49b2066c04ba9147f2109b147e51a48101ddb3bd0bc1faf7982d01c0f59538f959c496bb1e0d981948765298d8af4306a2f319555323a3dd8","ssdeep":"12288:pnzBEBDie5hG9Ym9IKWBv1ndhcvwQYHS0lOd23nhB74hNp1:oDh5hG9Ym9IKWBv1nYvwQYHS0lOd2j+F","tlshash":"6ce4f8d9fa5170b542e790e9c03f160ea23f751a700980e4b766ede26c74a8e6123f7d","first_seen":"2025-12-17T08:10:30.194253Z","last_seen":"2025-12-18T07:08:28.89478Z","times_seen":44,"resource_available":true,"data":null}},"time_used":149,"timings":{"blocked":49,"dns":1,"connect":14,"send":0,"wait":33,"receive":13,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7.4","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:33.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-includes/css/dist/block-library/style.min.css?ver=6.7.4 HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 12 Jul 2025 16:14:38 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 14225\r\ndate: Wed, 17 Dec 2025 18:44:33 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MARUbRXf4ehZevLr3%2BzONI0MoAhtdSEbyJlSHCwSAxdM7wByREpmPVn43uGcA4CusYRw808FTGKpDqZvNegCmlslv2%2FuhT0zUvhCpIHJfHdT\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: 9af8928cbc980b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":114706,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (59458)","md5":"8c9f31823282e4e056eb0aa7fac262a9","sha1":"dc3b1a37381e079fda8db59c1a9469852cd18b80","sha256":"3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502","sha512":"39f239c875550bf9a31254eed1f0358ea3c6309d9fcbf6005d8852843eaf60bc20b8626d169f810a6c71b7dcdb769b8512314b89ba1fdeea2cb3089be9d21ae0","ssdeep":"3072:HaeJuf7Qg5MG7H+qehvP0x2pUk44Q03Pm:Qf7Qg5MG7H+qehvP0x2pUk4T0O","tlshash":"2fb3625417b4dcf935ffa73a5e4ee258a103aa41c68a67e7e066d190618ca490cf3f0f","first_seen":"2024-11-13T05:08:51.610493Z","last_seen":"2026-04-03T20:23:36.117163Z","times_seen":27428,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/08/voice-recorder.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/08/voice-recorder.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:49 GMT\r\naccept-ranges: bytes\r\ncontent-length: 13482\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s3n9vAbcd2CoU1fFqM2xuEGZTrJET68lV3e9zwZtjrIa6EffgxUWcbIhuMBiCmZP%2BGRSMmUxOw1GHZc62bUaIQ2UFgXihQUyOtsJI3gnVU7m\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892930cef0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":13482,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"37858ad0d337a8990f18157ed19089ab","sha1":"3e6797111ac5bed6e3ebac31ef29b5b722ab6742","sha256":"2c3972af169a8c161ef7d638d91128623ef7618ceda193299ae97f8e9c45e4f7","sha512":"0dbe230d127e897023dc54a3f746625956eb733cb9f56b29935fb1573bf9a0bd793f60b3a33e4e5ea7c22b08f5795376bbcf4ff54df5e29551f2d8883c70b118","ssdeep":"384:Fna5EbBMffYhg9qWlSeuQ4nltju7wQQei+ChmQxzflI:Fa5EbBMffYsqWIjnltju7Bi+CLflI","tlshash":"0052c0d5a841213968698b720d6c06e89c0acfcc5708775fdfe845543de80359768edf","first_seen":"2025-08-18T17:18:25.868861Z","last_seen":"2025-12-17T18:45:03.429044Z","times_seen":3,"resource_available":false,"data":null}},"time_used":866,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":865,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/02/AirBrush-AI-Photo-Editor-icon.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/02/AirBrush-AI-Photo-Editor-icon.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:21 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1348\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lS81rhRu%2Fpzhb5sUSGcAuoez2p%2BZ19mIHZwbFh9dJzEeUxLsH%2BEYAAbK7CQssohmsQS86Kyj9nYzghnjbunM7GL1hKQ4eq5%2FOcFsd6tJwCJt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892931cf50b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1348,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 217x217, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ce782183c377b63493ac61fde3cac2f3","sha1":"2c6f907b646a91c171883fdf9ed30682edf45843","sha256":"0804b50a857a74351187606041efa66e23ba9b8b566525cbd39778e242355c33","sha512":"fda0001e4c97dff7a87958c5202f448a2b4f4efc32f616e4d72e5f2cae6b8b8f74f94e9294e20c9b794a65d9fff7a9408621fd8fae99d4aef9f40a7f94e7e0ce","ssdeep":"","tlshash":"2b21b60065aa85bf451be895c5f1a3ac13532586ddf38c008815a691a91afae22bdbb1","first_seen":"2025-08-18T17:18:25.832137Z","last_seen":"2025-12-17T18:45:03.430644Z","times_seen":3,"resource_available":false,"data":null}},"time_used":674,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":674,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-32x32.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-32x32.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:36 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:14:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1258\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zBfvUgAWpwlRJQdkz6z%2BlYX7nqErqb%2BjDgk%2BJXlloUlfM3Sc42nkt%2F97Aho47VuPtnKiuXE1IiuqfMw1akc%2F6ayxLjBQz6Fox%2B%2BbQMhbdx%2Be\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af8929a8d6d0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1258,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"5074681b082c2c6d779868645380cfc3","sha1":"e7435401a8737c25b9db8cce6e527afcba326efd","sha256":"8b1528ef61b985ca1632f672d483e0790f2de0b7937de60e2759788b546887c8","sha512":"29bc02e3ec93d2a053d72cc0966cd6a1ce8b474f5b356c45a4374907ff4092e163412e805deac395a9904704a8c0c370097849ca566bcb46908243e358b15f1e","ssdeep":"","tlshash":"4821ea6186db88fddf7da5072a58b312e249ccd901193e580c18854f65f55b09cb4f50","first_seen":"2025-02-11T03:01:55.994644Z","last_seen":"2025-12-22T19:16:37.203697Z","times_seen":17,"resource_available":false,"data":null}},"time_used":1169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1168,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-17T18:44:32.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Dec 2025 18:44:33 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nNSBaTAPoEANQuiJRsvKvafchEL2eYiIgojkKZy0L1x%2FuNotaOMlT7A%2F3cjL8Jc9Xub2yoDwSUTGgI8HJ3m8mmz%2BfeYTs1lRBZgS7QQZq%2FLEfoI%3D\"}]}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9af89285ec244c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Yoast SEO:24.5","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Google Publisher Tag","description":"Google Publisher Tag (GPT) is an ad tagging library for Google Ad Manager which is used to dynamically build ad requests.","website":"https://developers.google.com/publisher-tag/guides/get-started","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["Advertising"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]}],"data":{"size":67816,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (8856)","md5":"cbb56ea65b0f71904a4e4a3b6d5763bc","sha1":"3534d15922d83214122d72323ef210a3e3e4faa7","sha256":"e08ab95d11fd928df0893009f04e341a5ce4cb616dcaccc49ea2a10c79bc0c75","sha512":"42817ac460b081326bce3096d76f1d3ce2a258f45985074ddbc6b73d4835846dea4a26a2f931fa31116e954fc464551d4017028d2414db439d23e03e029223bf","ssdeep":"768:9kiqBySEQz7vJy9Zdapz2GF9ON7tKi/+IkuKntfgE9+:9kiqByS57hyVapUN7tKi/+CKnRgE9+","tlshash":"676309b1d0f4127d690ec3e85625361c6f69921bc8828b79b3fc46905fc2ce6e1937ad","first_seen":"2025-12-17T18:45:03.432655Z","last_seen":"2025-12-17T18:45:03.432655Z","times_seen":1,"resource_available":false,"data":null}},"time_used":902,"timings":{"blocked":20,"dns":0,"connect":1,"send":0,"wait":860,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/06/al-quran-kareem-audio-quran.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/06/al-quran-kareem-audio-quran.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 13784\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fAm011XXfwHHdL3nKKpAQmeDYPcepPUV4TrPs6aSThOPAPGmER02f%2F2fXu7R6GLOMYGk5%2BZf76oOzKHUAx6nrtNhJGTbFff6Ae2i%2FI126eVE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892932cf70b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13784,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"aecd14d238c0756888e8e74cd861eb04","sha1":"2ab50f8b0b41b408728a818cfe4471e09ba5a7aa","sha256":"b74185e1b3382a96de77fcc749e420da514d738937a043aa93e30458f44dfa72","sha512":"46ac2849b2c95cc026552710f3c2e0c1c45ebfe290040b9ecb8bebccf376c1e7a75c41f35054e18daa1c5b1a3157b6bc903ee6ea95aa8cb66ddb97152d93d015","ssdeep":"384:viblvQBdj2/bghto+HPgZFAUquYVUxhopREDDVU8ueY9:vO8dj2/bM67F66/o3Yup","tlshash":"5352cfd4c39730d36614501c22727b9cd66f1b4a7a988d1ade85faf4f011a0ee34b996","first_seen":"2025-08-18T17:18:25.843766Z","last_seen":"2025-12-17T18:45:03.433713Z","times_seen":3,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":665,"receive":214,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/safeframe-bundles/0.83/host.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /safeframe-bundles/0.83/host.js HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 8878\r\ncache-control: public, max-age=946708560\r\nlast-modified: Wed, 03 Nov 2021 13:42:58 GMT\r\nx-robots-tag: noindex, noarchive, nofollow\r\netag: \"f80882bf67cf261aa08d636da095149a\"\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\nexpires: Sat, 18 Dec 2055 01:10:35 GMT\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nx-strm-log-split: 4\r\nx-request-id: 4d0ef126e162c985\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: REVALIDATED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33703,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (33703), with no line terminators","md5":"2435549eac66915d7464ee7b9efce038","sha1":"e390598fb192583622a8ea079d5c96dffdb34fb5","sha256":"34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55","sha512":"42a25f058316e5e947ba3149b56c81fd0e82f21d4b8109ef4fc529509d54235a0c0d7dd6212e381129b46ca72d81c4ae9e58cfae87557587727bf290fa1f3f09","ssdeep":"768:uKbdR7ii7FI+06HhV69ztBLEankCqH1UKW35V8tFOzbZ51QtD8JFtEDv/eKzS6Ei:TR3gKCzF5UEad","tlshash":"cee2a78e3295b43703c760f4903f210d65771d28a45a8894fa6bd4e23e7a84f527bf6d","first_seen":"2023-03-07T01:02:46Z","last_seen":"2026-04-03T20:05:01.750933Z","times_seen":22852,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":74,"dns":0,"connect":36,"send":0,"wait":58,"receive":1,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/bd2289ae9367c68b9f53.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /partner-code-bundles/1303351/bd2289ae9367c68b9f53.js HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 5042\r\naccess-control-allow-origin: *\r\nexpires: Sat, 18 Dec 2055 01:19:47 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 16 Dec 2025 15:46:17 GMT\r\ncontent-encoding: br\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\ncache-control: public, max-age=946708560\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\nx-robots-tag: noindex, noarchive, nofollow\r\ntiming-allow-origin: *\r\netag: \"df197aa9c2cbef7541a22c14e7ac550f\"\r\nx-strm-log-split: 7\r\nx-request-id: 846f9ac5bdbb034b\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14938,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (14904)","md5":"60286b15ed92b907813635ab587670d2","sha1":"86f3e83fe3d051d8f3cfbc00dda468f7ec6e3dff","sha256":"c562b9a60e5bc6f527619b044a4d4d4b7a89cb894cb16444911c73a88be602fe","sha512":"489e5715cd298b3dd652396d1e39420985279dd13838a7bfb779c0369726253ae0053f0e44242e65b625b3e25400210c0908dda1f279c30f60f90b7bb6602a0f","ssdeep":"192:lwIIpb2spjlpQ7YX0lQsm+24OHKTXVEUHXSLe7trVfcxY9u4FdHN3vgfye/K193Y:lwvx2+lpQMXZ+2tHKTDSrxY9P6fyH4R","tlshash":"f962f79974d1b4a517db20bb413f150ff3b9a839684d80a0f222d8e97ef885c8167f6c","first_seen":"2025-12-17T08:10:30.092769Z","last_seen":"2025-12-18T07:08:28.912753Z","times_seen":42,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":74,"dns":1,"connect":34,"send":0,"wait":17,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/themes/RedWhatsApp-2024/assets/css/style.min.css?v=2.0","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:33.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/themes/RedWhatsApp-2024/assets/css/style.min.css?v=2.0 HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 12 Jul 2025 16:12:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2584\r\ndate: Wed, 17 Dec 2025 18:44:34 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gM180ZkV2Cv5iPURArcPOh0%2BBqV%2BOZ0z5T7mqimcbygiifbEQiTHOZZhUR0KCw5rEVRb5JHeS8wzLCijKVKIJeFetE03sdGn9lOy3U3N1YS8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: 9af8928cbc970b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11612,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11612), with no line terminators","md5":"8bc241eabe0f6dd92187c8059b93e3f3","sha1":"076b0a492817fa4bc84eb0c717a2575dfe6fc1db","sha256":"080e6c448f0974715edb882c58dc66d867ab8fe20cbdbd81ea5390c91aa6a6b3","sha512":"2068dd16c072e8a156fbcd96a624d6e3d22aa2074b072b254623b87c9bbbda0947f0c4dc15c758f4b27325ee91701c03e353e1b861cc58bd7112afe334c35795","ssdeep":"96:pJN0/SWlOjG5i59qEU64uGp6mmDfO2/ITWvqdkMuBTKVw9z0ZEvrLKS:pJFOOjG5i59QShDfOYvAuGa9zVvrd","tlshash":"e132972afd812029a537cb1a52e0bbe90539c215da220fffb3977e9085862c61773f15","first_seen":"2025-08-18T17:18:25.837913Z","last_seen":"2025-12-22T19:16:37.221604Z","times_seen":9,"resource_available":false,"data":null}},"time_used":688,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":688,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/08/azip-master-zip-rar-extractor-150x150-1.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/08/azip-master-zip-rar-extractor-150x150-1.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:47 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2340\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T3yzbcPpIK%2Ft1BbHZeKaKz79naoXGjpz2jxj6kR9W%2F5LADJjF9zS3E%2BNE21oWJcYHsmm%2BNnunkF1A2YWXMnauPBxKEvk2ygTO1p%2BC42JLX1o\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892932cf80b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2340,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a59b7548dd82a1472143a746d7285815","sha1":"05f4f8f85fb3b40ae488fb44406823f83c0be967","sha256":"04d326472bf694851a4b92320eb47ea0ec0eb30e24e959e2068b69688051c7d6","sha512":"af2921c8a43b974eab999b0689a1065255460b78ce2c506410705ca76d57572af20be28a48104de621168ca506061db7c382f03dad4d659ef273e99fd9fddac1","ssdeep":"","tlshash":"78413bccfc789d56f390228641a7f49366432b23d3d773dbac0489b3cb524453640231","first_seen":"2025-08-18T17:18:25.875394Z","last_seen":"2025-12-17T18:45:03.439676Z","times_seen":3,"resource_available":false,"data":null}},"time_used":670,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":670,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/2c2744783ab10d69cf03.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /partner-code-bundles/1303351/2c2744783ab10d69cf03.js HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 25355\r\nlast-modified: Tue, 16 Dec 2025 15:46:16 GMT\r\naccess-control-allow-origin: *\r\nexpires: Sat, 18 Dec 2055 01:19:48 GMT\r\nx-robots-tag: noindex, noarchive, nofollow\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\ntiming-allow-origin: *\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\netag: \"544dbc8408f7329644a7c73febe7f315\"\r\ncache-control: public, max-age=946708560\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\nx-strm-log-split: 4\r\nx-request-id: b62197f8fbec92b7\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":128355,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65493)","md5":"a2c0de10e7644075949440fa11ffac38","sha1":"107b9b87289de396e3dd9eb63640dd80273e7e19","sha256":"d47e99736d98e641fde89c15714ff70eebd033d3f2d2d9ab4891bb24a48300e0","sha512":"e0366791646b3dc1ca7a957e4ab486c7b1eb00423f04e69bea0529cb305fce4e1662be2c85797292dd2864988cdeb7e049e847fd4f2b1a2aedb54e9c784982b4","ssdeep":"1536:A0Qh3OPDzoTE1T151SzBhNBSoZCM6yQNA4liPOgGUg6:ABYPQTE1Tv1wNBvZ/6ysi7","tlshash":"06c3f788f59274b502e790f8913f6a0ab33b5429702584f4b76deef19e7490e5122fbc","first_seen":"2025-12-17T08:10:30.117068Z","last_seen":"2025-12-18T07:08:28.905303Z","times_seen":43,"resource_available":true,"data":null}},"time_used":63,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/themes/RedWhatsApp-2024/assets/js/main.min.js?v=1.1.11","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:33.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/themes/RedWhatsApp-2024/assets/js/main.min.js?v=1.1.11 HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 12 Jul 2025 16:12:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 78963\r\ndate: Wed, 17 Dec 2025 18:44:34 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nq4bPK2rum9zd%2FVgXKoqnp2Bnj9qjZn4LLah%2BflhmzOiL9LWegJmRMgKIyxOfpC%2BZU1%2FFXqv7kxyvgVERzEokbwDNhD8E882BtJ3YDgetJYQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9af8928cbc990b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":258417,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"fbf5fd74ac11ecda50a91fd66ce6859e","sha1":"114bc0a09df69f9a273a0fee4f44b563baa9092d","sha256":"8b40f6e3ea5ff5fbd8f723706ece1ebca084ac4404632d848eb2079666f8a411","sha512":"8b3340e4bc5c84c05729d8bd62905512fa2758516fe755be5b3548558cc06e891a2bd05f59ed4bda9c188edbbd2a41e0dcb3b445f95a1b4e396471cba81d8588","ssdeep":"6144:SAIy6PuloluPQ47GKVP5L+c8R4r5ahjYkPYgsuYbD3qRRO8iJCWBfHf2hPrbKBTG:SAIPuylu5PfJre2Q","tlshash":"7d442acdb280703247ab60b5917f510ff2376859a40a8054f56cd8e92dbce89627bfbd","first_seen":"2025-08-18T17:18:25.866234Z","last_seen":"2025-12-22T19:16:37.189559Z","times_seen":9,"resource_available":true,"data":null}},"time_used":1077,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":860,"receive":217,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2021/11/Cubano-Mods-150x150.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2021/11/Cubano-Mods-150x150.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:12:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4000\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kUClIat%2B1J2jGYbTEfOsFWjsCnYb%2BzWF%2BSxr%2BIvDJmCQeeTtQh6SZTfI2eyrdFdo9CyvjmKjYK2P87t6NpDwH0b5zlu8GrXLfaecGcerwK4u\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892930cf00b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4000,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"9e0ba17e82f56dabdcfa0b633cd289ac","sha1":"0f6ead8a99a775ee49dcd61d56737c496566fe64","sha256":"de53adefbab7f566ac81305ea2d7e81d927dea601dec4e41f43ea32c0fd79975","sha512":"805f697ce89dd3981ba20c0589a1bddade6b2f80471a456b85d18a27e511371d9584d0210bd618db814f6637f52f19359951ae5e34e2f1ce6b6182e6e06a47f2","ssdeep":"","tlshash":"3d814c199355ad72e87a473a69450db9536f61fe0105470af2aeec52330d28dc2cfc2a","first_seen":"2025-08-18T17:18:25.829347Z","last_seen":"2025-12-17T18:45:03.443234Z","times_seen":3,"resource_available":false,"data":null}},"time_used":687,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":687,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2024/02/Sticker-Maker-for-WhatsApp.webp","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2024/02/Sticker-Maker-for-WhatsApp.webp HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 12 Jul 2025 16:13:22 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6818\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0d1DUyc2f50p5pT1cvUo0qXnYkehrRCzC2bZcs%2BZZF4KJj8LEU6nhD4b4AfKt6%2BmZdMnD0Ck7lWsUme%2FG%2FZ9q7hMtUhfVWIYH3dQE98unH2X\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892932cf60b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6818,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cd9e22d3372db1ff12a25d769572a98a","sha1":"fa5840b3b2f4b69d33c9c4cfd476fff72c7efff8","sha256":"179447fb51bda9db38c28c4f53b16dc70aaa69c20ced20d8bdfc157a4762356a","sha512":"adbe174b4fdc78720002e2a80cbb7efbb9780c364bf297a414c693e6b658bc0e30d4ec6a7a1b1d0cc893fea6df2e51d042b6fcb13bc8f1fa80434095c8c008cf","ssdeep":"192:x7r8sSTL1MXhW8HDMB9upGWGti+rYDPfirO/ge57dPr:xr85SJXhmi/d7D","tlshash":"ede18cec9856ea98e60c4b34e5201743dc877c4b6cd646cfe9b21286c4e626272931de","first_seen":"2025-08-18T17:18:25.873998Z","last_seen":"2025-12-17T18:45:03.444313Z","times_seen":3,"resource_available":false,"data":null}},"time_used":651,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":651,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2023/06/Hell-Boy-Red-WhatsApp.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2023/06/Hell-Boy-Red-WhatsApp.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:13:06 GMT\r\naccept-ranges: bytes\r\ncontent-length: 95130\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BwhxQhxAP9GYiBS6YHu3%2F%2BPf1cq8HSEvlzpJCw7vXONuooo8%2FeYJz4b6y%2BsDH3iuwQbua3hMh6cnyEmLwl8lm%2B4AY9rPkRrJBdPHPHhCiHwF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892932cf90b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":95130,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 431 x 432, 8-bit/color RGBA, non-interlaced","md5":"03881c6fb38fe87491f1fa462e66f508","sha1":"41ca9735fba3162fb713f22d1fb3dd81f9502355","sha256":"56c40f8f120cfc0606f7eded6543b03bc4b77251a395acbe03c7799494e621b7","sha512":"2aa9b8d41b61c5ad077321e6eddfeae37cf7d38ec413b51b373e96447e471168d0eb9a0902cee1d55fa705e863c993e508f21da7f75bf2e384d92b049bb2d59f","ssdeep":"1536:XOGDznzgJATQcAuWOgf9L0hWEv2s2mWckCLwyex+qnG/Rf1Eh+c:l0JAoOQWTbNqUwjQRfyYc","tlshash":"e39302a2b8ef4186f328fa44ff1d7f9ea9a3d510c2b55fa74c1234c22964ded8d66440","first_seen":"2025-08-18T17:18:25.870145Z","last_seen":"2025-12-17T18:45:03.445383Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1077,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":856,"receive":221,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FX41G9V0BS","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.38.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:33.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 24 Nov 2025 08:38:53 GMT","end":"Mon, 16 Feb 2026 08:38:52 GMT"},"fingerprint":{"sha1":"14:1E:23:68:0E:D0:A1:C7:ED:6A:FE:20:1B:06:FE:F9:83:B2:99:F5","sha256":"61:AF:E1:FE:D1:A6:4C:C2:5B:60:60:94:B3:7F:5C:5D:34:BE:8E:AB:21:42:8A:97:07:E7:8A:B7:2C:91:5D:0D"}}},"request":{"raw":"GET /gtag/js?id=G-FX41G9V0BS HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 17 Dec 2025 18:44:33 GMT\r\nexpires: Wed, 17 Dec 2025 18:44:33 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 143113\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":433520,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"94b4588f372af5c9d59282048dc342b1","sha1":"f9beaca4f0664ff81461b1247c012c69a64f03dc","sha256":"7645ac51b8c283eb83909754525f02b7d86228d82d633ae61c970ab4e0051e26","sha512":"d8464c44b262dfc029034651ac711a3d64a5a937d70f8940fa630faa9d79ea82714bc00172403d5252645fad0d69333258b670777fa999c0efe950dda66794ee","ssdeep":"6144:D2Ie7ma2bulKY/1u99xHDmHYmyBFzvnsyRO6jJWoNPad4FpC1xY:TC8bu7/1mbrnsy39WbMpb","tlshash":"fe941ace73c674269396e078503f118ba57b29e2b45cc896f189cce42d74a9a4237f7c","first_seen":"2025-12-17T18:45:03.446195Z","last_seen":"2025-12-17T18:45:03.446195Z","times_seen":1,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":54,"dns":1,"connect":8,"send":0,"wait":30,"receive":24,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/themes/RedWhatsApp-2024/assets/css/bootstrap.min.css?v=4.3.1","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:33.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/themes/RedWhatsApp-2024/assets/css/bootstrap.min.css?v=4.3.1 HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 12 Jul 2025 16:12:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 23672\r\ndate: Wed, 17 Dec 2025 18:44:34 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AU8voRGFgDchlluzDCqE641Gbse0tlOoKI0w6fG7hzraqPojyuKAro3xWl6IwC%2FBqDJbFE8VfhQ8%2B%2FESLSbntLJZ9i0ueJPE8iMgn9atxRRL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: 9af8928cac960b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168537,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65320)","md5":"c7c48ceac141ae86d84e0a01638fb7d0","sha1":"1945bb25399768fc329ee330fbfcb73217b89fd4","sha256":"d38ac4c56bbe1e6e05f3ef8f0612c892d99ed6a76f11519ec4776f985d1562b2","sha512":"96959f031dcc157e86a6d8007a11a9fdd1777cc4931965ee2fef807ea5ff0b541ac9c16bcbb965e5a9a3da9e85dd4668440d2865f16f2f25966f806833e38252","ssdeep":"1536:R/xImT+IcCQYYDnDEBi83NcuSEk/ekX/uKiq3SYiLENM6HN26SfV:R/Riz7G3q3SYiLENM6HN26S9","tlshash":"c2f385a6f5a0312dd4a7c619a0d0bafd553f8145d7220bfbf8277b6487892c70a63e4c","first_seen":"2025-08-18T17:18:25.854637Z","last_seen":"2025-12-22T19:16:37.220771Z","times_seen":9,"resource_available":false,"data":null}},"time_used":868,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":657,"receive":211,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2023/07/YOWhatsApp3D.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2023/07/YOWhatsApp3D.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:13:18 GMT\r\naccept-ranges: bytes\r\ncontent-length: 133192\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FCcDeupKjQIgDpUMTrf1wIAkTAOTyXPOGJw5kUrKSm7PXUcnxyoT3HQ4uc6L2g8tWrXGFYarL%2F%2BkGtlqe7sTtJ28jLIHvKy2Aam2bxEo22Gu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892931cf20b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":133192,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 432 x 432, 8-bit/color RGBA, non-interlaced","md5":"5014ed8cbaf0662187a019fd8dcab555","sha1":"8bb1891d240681b42d17c3aa88992fc9b8470cf6","sha256":"30a1726181a4f7067d29aeee747796fe4e470da1e5499e3a2ac29e2933cb092f","sha512":"4d2ef7b94f486b2205fe1c3ff8185eac9a7257971d7e3f32ac17b709bff33c055faf0aff6fd0a98565b2b5be049b63aaae5bb176b072ff004af99fa26ac2ad8d","ssdeep":"3072:niZ3omfEA6PlxwMkRfDmIEjYclapqdEKMHLfGX+guSjyGS2M:iZ3omfErxwM+DmLtpdDqrg+zfGSR","tlshash":"48d3137406282136d6ef50ec18f464240fc0edea2bf4b7d967f19b8e5d3d6a35291a2c","first_seen":"2025-08-18T17:18:25.841128Z","last_seen":"2025-12-17T18:45:03.44815Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":860,"receive":431,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/2023/07/NSWhatsApp-3D-Latest-Version-RedWhatsApp-Icon.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:34.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/2023/07/NSWhatsApp-3D-Latest-Version-RedWhatsApp-Icon.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:13:13 GMT\r\naccept-ranges: bytes\r\ncontent-length: 20028\r\ndate: Wed, 17 Dec 2025 18:44:35 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HYqVnha9q8fVhJ6AezbeubBqZFGGJpuKvBgb4rkYCH%2B1DfdU%2FxcXrS9e7W8C3SWomAg1xM4%2FYRuYTzgcNCTH%2B86S1nwwqH2BUopm5TrkQI1Y\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af892931cf30b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":20028,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 217 x 217, 8-bit/color RGBA, non-interlaced","md5":"a2ab30f9e1844b31c96b1d3aaae71b9f","sha1":"e1640bc47c67a04e70c0a46f0b4d419bd4875e35","sha256":"1259c7165196f05d78a5bc699fc54a7568e1bc9ec7cff7b4704c965618732081","sha512":"1f8d30baf472d7698885369f671734088a02f8661ccb46d4e8f1e92a47da5456dad250ed99e1e192d5e1149734da12f6c2e63376e51d56ce2582f836f27c8a3b","ssdeep":"384:t2h1KfYtZTU4owAHCF3V9HJESkPtWj+Mi16cXR2hoWw7i:4h1kYfTUrHCF7GS/Ji7Ih9gi","tlshash":"6092d0157f4b130ce0daafd6b588c89b99925880027110da76cfc9617915b8e0befecf","first_seen":"2025-08-18T17:18:25.860756Z","last_seen":"2025-12-17T18:45:03.44922Z","times_seen":3,"resource_available":false,"data":null}},"time_used":869,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":838,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yandex.ru/ads/system/context.js","fqdn":"yandex.ru","domain":"yandex.ru","tld":"ru"},"ip":{"addr":"77.88.55.88","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yandex.tr","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign ECC OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 26 Aug 2025 08:03:35 GMT","end":"Mon, 23 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"7B:FF:02:81:48:EF:11:E9:F6:FD:BE:76:15:A5:57:2F:B5:AB:4D:B8","sha256":"CB:F2:F4:82:42:0E:5A:DA:F9:FA:58:F7:47:D8:16:57:DF:1D:5D:62:E0:76:47:38:38:20:65:93:68:B1:24:F8"}}},"request":{"raw":"GET /ads/system/context.js HTTP/1.1\r\nHost: yandex.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\ntiming-allow-origin: *\r\naccept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-Viewport-Width, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Width, Sec-Ch-Viewport-Height\r\ncontent-type: text/javascript; charset=utf-8\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 100, \"endpoints\": [{\"url\": \"https://dr.yandex.net/nel\", \"priority\": 1}, {\"url\": \"https://dr2.yandex.net/nel\", \"priority\": 2}]}\r\nexpires: Wed, 17 Dec 2025 19:44:35 GMT\r\netag: \"02b5114b53ae85c6d2e85679365aac3b-1303351\"\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 100, \"success_fraction\": 0.001, \"failure_fraction\": 0.1}\r\ncache-control: private, max-age=3600\r\nx-yandex-req-id: 1765997075647347-11373918944888564797-balancer-l7leveler-kubr-yp-sas-131-BAL\r\nx-content-type-options: nosniff\r\nset-cookie: i=f0nSpY9vKoezXSOpHfwb+1sX0+EO84GYotWCRX201l/J8FJMiX3MxaW/gpsUNCHVTzqP55zFv9M8pxr492DARCAE7qE=; Expires=Fri, 17-Dec-2027 18:44:35 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=5885647971765997075; Expires=Fri, 17-Dec-2027 18:44:35 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None\nyashr=5201318221765997075; Path=/; Domain=.yandex.ru; Expires=Thu, 17 Dec 2026 18:44:35 GMT; SameSite=None; Secure; HttpOnly; Partitioned\nbh=YJP0i8oGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.yandex.ru; Expires=Thu, 21 Jan 2027 18:44:35 GMT; SameSite=None; Secure\r\nx-robots-tag: noindex, noarchive, nofollow\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":447841,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65491)","md5":"58f857e8c6c595b1a32bd5d53c672b19","sha1":"66e6354a6f47d764b7b6047d87588ac514008927","sha256":"a7538e01f82769a9e28c566123c9ac696bbb0fb1c4452ca00acee9bf8d3d45a7","sha512":"d6121ce98c2235de4ae4383896bb83e0a93f722d9ac38379308fbb61cc57ea9e2ee852d327babec45addf165bc0c88c6208f208bf5642cadbaa2bbe61e233d4d","ssdeep":"6144:XE41Oh19jMk7hRl4PLXdCn7oTJtKzYicGhKDM:l41+Ul4PLXdCn7oXfO","tlshash":"319408e975a1b4f203e391e5843f160fe33b5a29741d94a1b722d8d1ac29d4f5223f3a","first_seen":"2025-12-17T18:45:03.450127Z","last_seen":"2025-12-17T18:45:03.450127Z","times_seen":1,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":128,"dns":17,"connect":46,"send":0,"wait":60,"receive":0,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.redwhatsapp.com/wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-192x192.png","fqdn":"web.redwhatsapp.com","domain":"redwhatsapp.com","tld":"com"},"ip":{"addr":"104.21.49.171","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redwhatsapp.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 18:28:42 GMT","end":"Mon, 02 Mar 2026 19:26:26 GMT"},"fingerprint":{"sha1":"AB:C5:1A:6D:20:FC:86:F2:F2:6B:42:46:E3:0B:AE:EF:F3:D0:FA:31","sha256":"4E:9C:7E:6B:04:8A:50:BE:30:23:5F:CE:5C:B2:9C:8F:AE:12:7A:86:D6:51:71:4C:EE:6F:97:CD:C0:A1:BA:44"}}},"request":{"raw":"GET /wp-content/uploads/cropped-Red-WhatsApp-Logo-270x270-1-192x192.png HTTP/1.1\r\nHost: web.redwhatsapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nCookie: _ga_FX41G9V0BS=GS2.1.s1765997073$o1$g0$t1765997073$j60$l0$h0; _ga=GA1.1.598465028.1765997074\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Dec 2025 18:44:36 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 12 Jul 2025 16:14:37 GMT\r\naccept-ranges: bytes\r\ncontent-length: 18053\r\ndate: Wed, 17 Dec 2025 18:44:37 GMT\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3ySYEV%2FzTqU1Cr0PwtI7nXntbjVNYYB08a0h5iTNGMNHSdRhnwdBRvLIHBfv1c7aRxMQ6dmPot6FRud5KUz6SquzZori9tZmIQDN33MOGQ7c\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9af8929a8d6c0b55-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18053,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"7fcb7ca2bd7227480b5cdca1e651103b","sha1":"4802db62b939d30a3c55217950a918593c60cd6f","sha256":"93354e435a9cf2aa23ea5b5f54deb3f9af6eb1b5fb7d4322bcc89081c35c0ab4","sha512":"6c7e5754b21ac286ab58cef695426955a71b39a05eed7e50ecaa2229ac80c9e850c0d107aec323877ede46a1b9c019a6f5862693c30600fd7cb292b763bdae8f","ssdeep":"384:yN1PhgXF87gLgcEYGYIP8VYWZJgHwZL3jp+iu3pxbQhqS2f+v0fN:ghgXF8768YIEV9Jgu3/u3shDPvo","tlshash":"1582e0e3401330f3c51a3dd9d558f10309c42eb693687a8b60eb4fb4ca9aac2230f28c","first_seen":"2025-02-11T03:01:55.995691Z","last_seen":"2025-12-22T19:16:37.210926Z","times_seen":17,"resource_available":false,"data":null}},"time_used":1399,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1398,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-17","alert":"Sinkholed","trigger":"web.redwhatsapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/e229b9a54e91db77ca32.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /partner-code-bundles/1303351/e229b9a54e91db77ca32.js HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 17563\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\ncontent-encoding: br\r\ncache-control: public, max-age=946708560\r\nx-robots-tag: noindex, noarchive, nofollow\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 16 Dec 2025 15:46:18 GMT\r\ntiming-allow-origin: *\r\netag: \"7d17af534e94ffb51464316f5283c6c5\"\r\naccess-control-allow-origin: *\r\nexpires: Sat, 18 Dec 2055 01:19:47 GMT\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\nx-strm-log-split: 1\r\nx-request-id: 27b2d5deef46571d\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75241,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65495)","md5":"0adf15fed6fa56776547a744f5298839","sha1":"826a240aa3ad68951f5815b83d673d6e218b254f","sha256":"114deb46503fc49deb7582c53d9e9f486d07d0c5d7d936af83a32e2dc0bb6b85","sha512":"746f046366c47cac42428729dd630c8ed122bcd030fb860ce0e341e625a8bc4af583f22a2f425424d2176556d3eba55a1d2ce67eca10648af5b470f9d7745afd","ssdeep":"768:1axBshVVNu+NSW/lQSuZqyWEDVPmBD93yjDUSp0Bpnr2nAY17h8q:MxBqy7ZqrZBDNhBF6AYxWq","tlshash":"6b73ead97595b9ba02c3d8f1443f220ee37b9611711a6580b323dac1ec25adf5223e7e","first_seen":"2025-12-17T08:10:30.133521Z","last_seen":"2025-12-18T07:08:28.900897Z","times_seen":44,"resource_available":true,"data":null}},"time_used":128,"timings":{"blocked":53,"dns":4,"connect":14,"send":0,"wait":27,"receive":2,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yastatic.net/partner-code-bundles/1303351/885f2f1db6aa52089d50.js","fqdn":"yastatic.net","domain":"yastatic.net","tld":"net"},"ip":{"addr":"37.9.64.225","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.redwhatsapp.com/","date":"2025-12-17T18:44:35.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yastatic-net.ru","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 05 Nov 2025 12:46:11 GMT","end":"Tue, 05 May 2026 20:59:59 GMT"},"fingerprint":{"sha1":"BA:B8:C9:5D:AD:9E:A2:E4:3B:39:29:BA:EB:5B:C7:E5:05:B5:AF:82","sha256":"49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4"}}},"request":{"raw":"GET /partner-code-bundles/1303351/885f2f1db6aa52089d50.js HTTP/1.1\r\nHost: yastatic.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://web.redwhatsapp.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.redwhatsapp.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Dec 2025 18:44:36 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 5753\r\nvary: Accept-Encoding\r\nexpires: Sat, 18 Dec 2055 01:19:47 GMT\r\nstrict-transport-security: max-age=43200000; includeSubDomains;\r\ncontent-encoding: br\r\naccess-control-allow-origin: *\r\nreport-to: { \"group\": \"network-errors\", \"max_age\": 7200, \"endpoints\": [ { \"url\": \"https://dr.yandex.net/nel\"}]}\r\nlast-modified: Tue, 16 Dec 2025 15:46:17 GMT\r\ncache-control: public, max-age=946708560\r\nnel: {\"report_to\": \"network-errors\", \"max_age\": 7200, \"success_fraction\": 0.001, \"failure_fraction\": 0.01}\r\netag: \"d2c4691cf4fca7b98cc91539a7920232\"\r\ntiming-allow-origin: *\r\nx-robots-tag: noindex, noarchive, nofollow\r\nx-strm-log-split: 3\r\nx-request-id: 9053696967b110e3\r\ncache-host: cloudcdn-rad-09.cdn.yandex.net\r\ncache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16372,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (16338)","md5":"aeffa811f13db31db553d463f76e317b","sha1":"5c664652556de603535d03d867be0048a892ec28","sha256":"0fd06e497f64d0c2c40ee30f087abf8ee53bf403a9b77b87185a72af5c21d2e9","sha512":"6cb9cd350351098746dc80385ca9d9531e91b6cda5f437dd653fa2efe89d75203d79884b353766a5615f88d6d56b3aae1da210d35bc2085dfca2c3ca4e9d0e6c","ssdeep":"192:VwtKXSO2dyacdF+mmFyZ0BUJV0gANkwNiWiN8XNVVSfMQniuv0bbjLIFTcueIlby:VwtKCOkydF+oVIbiHMyhvADhl","tlshash":"f97208fd7520b0205bdf30b6627f191ff378292e644c84a06706edfa29b491e5193fa8","first_seen":"2025-12-17T08:10:30.193422Z","last_seen":"2025-12-18T07:08:28.894012Z","times_seen":43,"resource_available":true,"data":null}},"time_used":127,"timings":{"blocked":48,"dns":0,"connect":13,"send":0,"wait":25,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}