{
  "log": {
    "version": "1.2",
    "creator": { "name": "DevTools", "version": "120.0" },
    "comment": "Plant forensique L3 — capture HAR de la session Kingsley_93 montrant le sous-domaine images.express-immo-contentieux.me résolu hors Cloudflare. Le DNS de ce sous-domaine pointe directement vers 185.107.56.42 (VPS offshore), tandis que express-immo-contentieux.me passe par Cloudflare. Bypass possible via dig images.express-immo-contentieux.me.",
    "pages": [
      {
        "startedDateTime": "2026-04-18T13:32:00.000Z",
        "id": "page_1",
        "title": "Express Immo & Contentieux - Dashboard",
        "pageTimings": { "onContentLoad": 1240, "onLoad": 2380 }
      }
    ],
    "entries": [
      {
        "startedDateTime": "2026-04-18T13:32:00.100Z",
        "time": 245,
        "request": {
          "method": "GET",
          "url": "https://express-immo-contentieux.me/dashboard",
          "httpVersion": "HTTP/2.0",
          "headers": [{ "name": "Host", "value": "express-immo-contentieux.me" }],
          "cookies": []
        },
        "response": {
          "status": 200,
          "headers": [
            { "name": "Server", "value": "cloudflare" },
            { "name": "CF-RAY", "value": "8b3e2c4a9d5f6e7a-CDG" },
            { "name": "CF-Cache-Status", "value": "DYNAMIC" }
          ]
        },
        "serverIPAddress": "104.21.13.245",
        "comment": "Routed via Cloudflare proxy — IP origine masquée."
      },
      {
        "startedDateTime": "2026-04-18T13:32:00.420Z",
        "time": 89,
        "request": {
          "method": "GET",
          "url": "https://images.express-immo-contentieux.me/logo.png",
          "httpVersion": "HTTP/1.1",
          "headers": [{ "name": "Host", "value": "images.express-immo-contentieux.me" }]
        },
        "response": {
          "status": 200,
          "headers": [
            { "name": "Server", "value": "nginx/1.24.0 (Ubuntu)" },
            { "name": "X-Backend-Server", "value": "vps-offshore-2" },
            { "name": "Content-Type", "value": "image/png" }
          ]
        },
        "serverIPAddress": "185.107.56.42",
        "comment": "FUITE — sous-domaine images.* non configuré pour Cloudflare. IP origine 185.107.56.42 (VPS offshore) directement exposée. Cross-check avec mail.express-immo-contentieux.me dans le .eml."
      },
      {
        "startedDateTime": "2026-04-18T13:32:00.510Z",
        "time": 67,
        "request": {
          "method": "GET",
          "url": "https://images.express-immo-contentieux.me/flyers/commer_04.svg",
          "httpVersion": "HTTP/1.1"
        },
        "response": {
          "status": 200,
          "headers": [
            { "name": "Server", "value": "nginx/1.24.0 (Ubuntu)" },
            { "name": "X-Backend-Server", "value": "vps-offshore-2" }
          ]
        },
        "serverIPAddress": "185.107.56.42"
      }
    ]
  }
}