{"report_id":"36b70292-859e-4ec5-a2cc-22378e25abd4","version":6,"status":"done","tags":["suspicious"],"date":"2026-01-01T02:57:22Z","url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"title":"التحقق من جهازك","dom":{"size":11028,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"60887872f7952c303b40e59b7bd5e23d","sha1":"d234e3e9a3626007e01b12eccdb30a4b3025c501","sha256":"324671a9365a82aaf036cefb5d9e01beb653f5c70fee8174d5e4226df176577f","sha512":"c22363b45220ace426773f10273b7e8062cbfe494e3dce1b663043a5817a0a6fd595ba7b7801740a326587473fba4ad81d807f1702905ab5c98e23a3de112a09","ssdeep":"192:pro9N6ckdMi7BHCcRQiUmPA6iws7LMiagIxBfTFilAFseTOIOiXcvqFoejAIRF0C:pro96W7GRbRFocLlS+/xkUQGl7x","tlshash":"5e32925b64b720126443f0388ba75749b279dc13d10fdc683f9e2684cf866999de3bac","dom_hash":"domhash7b1d02d7418ebb6ca9392faebb178ff2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":0,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-05T02:57:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-01-01","alert":"Detects file containing Telegram Bot API","trigger":"fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":6,"received_data":62053,"sent_data":3190,"comment":"","tags":null,"fingerprints":null},{"fqdn":"errors.infinityfree.net","ip":{"addr":"104.26.8.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-18","domain_rank":3024566,"first_seen":"2022-05-27T01:14:37Z","last_seen":"2025-12-31T12:02:09.832589Z","alert_count":0,"request_count":1,"received_data":657,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ipapi.co","ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2025-12-30T12:31:20.408834Z","alert_count":0,"request_count":1,"received_data":2469,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fi.gt.tc","ip":{"addr":"185.27.134.33","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-07-25","domain_rank":0,"first_seen":"2025-11-01T22:46:13.661282Z","last_seen":"2025-11-01T22:46:13.661282Z","alert_count":11,"request_count":3,"received_data":12777,"sent_data":1620,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":5798,"sent_data":469,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-28T22:20:33.111263Z","alert_count":0,"request_count":2,"received_data":254184,"sent_data":1005,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e3989e3dbe03a687c8cbc075177b2155","sha1":"e654b5791e3fe2c2d9a2f48fcf55fa7c4682ad8f","sha256":"dad6d65a62be1273ebc77953b1a7bb16f26a8a195a84d9ebb04726e540a663fc","sha512":"f1c7e6c51ca4f54400f08b3cdecdeeac081dac25414b375836b52969db06835a1315b7a4c32e0f78123e8a3a102db41adda4597160920c8d8882611fbb0ea55a","ssdeep":"","tlshash":"22f00274e17075d48bc21051047bd64ba0675ba2f543c4bb8402527859c29ed1999e3a","size":623,"data":"","first_seen":"2026-01-01T02:57:24.273314Z","last_seen":"2026-01-01T02:57:24.273314Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fi.gt.tc/aes.js","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"756722c3542f271367cc3b074113a8ee","sha1":"c5c24b4cfc44d597fb7d82d79a7dcea4a8d07e2b","sha256":"ed1d3bd967abe66cff832561cb911c572a2f85fd6cffc32ef3cec68dbc60c7ce","sha512":"ec3293d425646848dc2cf5d3cebae22b91d99461d3565ed17599af961f6f0062167446f732e91ade94f7e589000cda7e85259a217c5ce571bc11c175435a4290","ssdeep":"","tlshash":"8d1150a5034607bcf6cd0ec8c40a321a21f1c04abe2112c9afb36ae77c3b8840034e26","size":1000,"data":"","first_seen":"2025-03-10T10:15:36.223346Z","last_seen":"2026-04-09T12:27:24.274494Z","times_seen":1706,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"9c874f22c61caa38b9c76726644125cb","sha1":"2fda1c3a9b47c4e2cb6a9b868d1f809d57c24159","sha256":"8b40afc367f7734fd8bfb1ceaabada8bcc973da629a8e8059b9257824befc50d","sha512":"b547b392fd598aa233e184c52c8a86b709663024e5f69f1866c87d9375ad332f40ffea4bc28fb7cdca0726ead7908b85a841df5c26473e6382c7fd202af32bd2","ssdeep":"","tlshash":"4d81556624bb601241a3f02ec7879404b0339c17660eec50bfae8a415f5757e9673bfd","size":3940,"data":"","first_seen":"2026-01-01T02:57:24.274905Z","last_seen":"2026-01-01T02:57:24.274905Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-01-01","alert":"Detects file containing Telegram Bot API","trigger":"fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/tajawal/v12/Iurf6YBj_oCad4k1l4qkHrRpiYlJ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/tajawal/v12/Iurf6YBj_oCad4k1l4qkHrRpiYlJ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 9024\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 25 Dec 2025 10:06:36 GMT\r\nexpires: Fri, 25 Dec 2026 10:06:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 579026\r\nlast-modified: Mon, 08 Sep 2025 17:58:08 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9024,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9024, version 1.0","md5":"10367de774c951da6562045f10109cb5","sha1":"18fca0c18f6e08f89b4f05cfc086382deece9d88","sha256":"fa5e72326681abee3a4952be582e1c2c2abb27932ef262610c078ce89541f919","sha512":"ea32eaf0b69c085dbdbe38d99153c6a7e4bce339391a7640db6ee415532387fdd168b4aae21a91cc8a2826d964f1b26ce5bdad42c85747808689f7ba9d0e2165","ssdeep":"192:zRHNs0HoBStpjkOacpBtQd7D7RW2qbd/45yWIs:lt3HuwpjkWRI37RWhlwqs","tlshash":"6b12bfe26e7e490ac4ffc2710ad8a0167af14ee8d6ba34f9d04612d5926f7dc0e48d4d","first_seen":"2025-09-09T12:45:33.159376Z","last_seen":"2026-04-09T05:20:02.393391Z","times_seen":708,"resource_available":false,"data":null}},"time_used":322,"timings":{"blocked":152,"dns":5,"connect":9,"send":0,"wait":24,"receive":3,"ssl":116},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/tajawal/v12/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/tajawal/v12/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 9900\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 27 Dec 2025 10:58:34 GMT\r\nexpires: Sun, 27 Dec 2026 10:58:34 GMT\r\ncache-control: public, max-age=31536000\r\nage: 403108\r\nlast-modified: Mon, 08 Sep 2025 17:57:59 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9900,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9900, version 1.0","md5":"7256be46335261573e1ab1dc7f6539f0","sha1":"abeac1b7890a903ac951c522bc9b3039ec6fa1f8","sha256":"9986de5db80ec050300f1cea25d651a5779ae62b91a39b5667ac23d0c7668cbb","sha512":"16a93177eb4340d61c62e2d9605c8249b0558aa42d6490210e94939fb155379f0694c72225b55e471979134cc111104867676cebc5901af21aa4818821e3591b","ssdeep":"192:QC2S9zsmVUjqM+Xtixu2qtVhsLlYcPOYnOpTg++DaN8K0EUiBbxm4:RVXXtrRhsLp2yug+hCqBbp","tlshash":"ef12b01858048c6ef2f29c522a4d2ab2c403a27fd9d3e6a65f452221df816be717dc0e","first_seen":"2023-04-30T20:16:01Z","last_seen":"2026-04-08T15:01:20.240939Z","times_seen":1165,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":284,"dns":0,"connect":31,"send":0,"wait":21,"receive":2,"ssl":247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/tajawal/v12/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/tajawal/v12/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 8940\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 27 Dec 2025 10:43:21 GMT\r\nexpires: Sun, 27 Dec 2026 10:43:21 GMT\r\ncache-control: public, max-age=31536000\r\nage: 404021\r\nlast-modified: Mon, 08 Sep 2025 17:58:00 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8940,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8940, version 1.0","md5":"899cfbe65444a0ff90b804c565720260","sha1":"bd45ba01bae3c1d1f4f4d7816efd25bfbd279519","sha256":"4255019c1cd986f7cda7869df69baf72730d61304ae14baba4acfeb13085da54","sha512":"a619787519e98ad44bd392e29bd2ba4fa9e2e8e789b8ee6d9d622ba90a67313784cb39294c8fa97667903e1d4655e8e7f1930b7761d3343677f1cb36e4ee5e2c","ssdeep":"192:iP7W7+Tsl5ABfjDyyLDUnXkiCCH0RuXei0hOWRbmmccytICN8Vzw:iP7c+TOaFiyLYXk3g0gt0hO8mKytB8u","tlshash":"3202beb82817184ee83db8b52f64cab999941e918d836772c4b1b5162bed0d889e3706","first_seen":"2025-09-15T03:42:31.776868Z","last_seen":"2026-04-08T13:32:08.414174Z","times_seen":401,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":121,"dns":1,"connect":29,"send":0,"wait":21,"receive":12,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/tajawal/v12/Iurf6YBj_oCad4k1l4qkHrFpiQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/tajawal/v12/Iurf6YBj_oCad4k1l4qkHrFpiQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 9996\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 25 Dec 2025 10:01:19 GMT\r\nexpires: Fri, 25 Dec 2026 10:01:19 GMT\r\ncache-control: public, max-age=31536000\r\nage: 579343\r\nlast-modified: Mon, 08 Sep 2025 17:58:02 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9996,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 9996, version 1.0","md5":"e9c38c1110be8eac901fbe1fa4dff374","sha1":"aba40d14b54e93d55124da50975b075c28969a41","sha256":"de8f431c146ab1feb612cb7ced0842ae5c4e2f12067d13db0badeca73977200b","sha512":"63d09f9af1dc5527a7a83742816db935c4f9a68dd6e0aa0cb8123c9800445cf98d9ccb4540ac72f22169acbb4fdf74d4efe294594c7fee86f340bf4e5314b493","ssdeep":"192:RroSo3j4T8CjdN21Sqp4LRD0BR3UeVyEwisPtNLMlhjP9hMyCoI7:Rrhoz4bBqqlDy5UTdisPPMrjPDCL7","tlshash":"6922cfe37d2c35a4c36f0a39c9c00f3e85d41e826ea4375aae744f35e4917a7a64163b","first_seen":"2023-04-05T13:22:44Z","last_seen":"2026-04-09T05:20:02.422076Z","times_seen":2842,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":156,"dns":1,"connect":20,"send":0,"wait":27,"receive":6,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/tajawal/v12/Iura6YBj_oCad4k1nzSBC45I.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/tajawal/v12/Iura6YBj_oCad4k1nzSBC45I.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 8932\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 27 Dec 2025 11:00:49 GMT\r\nexpires: Sun, 27 Dec 2026 11:00:49 GMT\r\ncache-control: public, max-age=31536000\r\nage: 402973\r\nlast-modified: Mon, 08 Sep 2025 17:57:54 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8932,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8932, version 1.0","md5":"d595af28c13f0b004eb0a9694d397e61","sha1":"86dcc0150b2d71bb8c17ec11682cd0babe8256be","sha256":"6c9081fd00db08800850fa7d214593aa94992be5159e97557aa60197252cb95a","sha512":"5d0bafd869e5f466fef09a129e16487dd4d9a9c21d467b68593c3c11ede20d2a0d5162e475a7bbbe28b02aace228afd421fcf58823244ce9edc2a1f967462bea","ssdeep":"192:9Ty/JTr6kaUufAoHUywnSBHrO5msif/nOAQthEck:Q/5ONHl/rt/N","tlshash":"da02bfd97089ea14d057603e1014c1d6db1ea4bd1cae4c8f280bd7ad3eede13be24524","first_seen":"2025-09-09T12:45:33.076239Z","last_seen":"2026-04-09T05:20:02.509199Z","times_seen":898,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":146,"dns":1,"connect":8,"send":0,"wait":23,"receive":4,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"errors.infinityfree.net/errors/404/","fqdn":"errors.infinityfree.net","domain":"infinityfree.net","tld":"net"},"ip":{"addr":"104.26.8.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"infinityfree.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Dec 2025 18:28:04 GMT","end":"Thu, 26 Mar 2026 19:27:52 GMT"},"fingerprint":{"sha1":"AD:AC:6A:92:F0:7E:1F:96:89:B4:DD:CC:BD:4F:F3:3F:AA:FB:8F:DE","sha256":"16:25:0A:47:85:C4:FD:AA:C5:92:AB:45:1C:01:49:C4:D0:3B:AA:EF:E6:FC:5F:2E:AF:05:51:DC:79:0E:48:7F"}}},"request":{"raw":"GET /errors/404/ HTTP/1.1\r\nHost: errors.infinityfree.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fi.gt.tc/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Thu, 01 Jan 2026 02:57:02 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncontent-security-policy: frame-ancestors *\r\nx-content-type-options: nosniff\r\nx-frame-options: ALLOWALL\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X5pigEq5Ux1gQP%2FlAF4nlMXnHMadu9D76NBxFiEj8fDZkFfOSnCYK2AVpSFAgzjYpyTl4WtUyrnbjlJdCZTondcSaMsmCwPqyLOGtcRPdaKn8A%3D%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b6ebf36db39569a-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T13:28:35.973848Z","times_seen":13540758,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":0,"dns":28,"connect":1,"send":0,"wait":175,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:05.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 19 Dec 2025 12:14:55 GMT","end":"Thu, 19 Mar 2026 13:14:43 GMT"},"fingerprint":{"sha1":"9F:6D:86:C5:B8:42:73:79:95:D9:AD:A7:9E:37:F2:54:CF:A0:9C:90","sha256":"C1:37:01:B7:C2:DD:54:62:A0:93:A6:F0:05:9D:5A:0C:55:E4:49:78:D8:DD:C8:9D:B1:B8:6B:75:83:70:B2:28"}}},"request":{"raw":"GET /json HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fi.gt.tc/\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 01 Jan 2026 02:57:05 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: GET, POST, OPTIONS, HEAD, OPTIONS\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://fi.gt.tc\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jWe%2B0rRHKaLVzs4XPzNK5qBnYntarZ86I4ZZHHJtsj5gzR8i%2FsYFv%2B6vrrobUM%2BVqSW1WU9hR2ephUFOzMRR6fbjULT8\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9b6ebf494ce256c7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":748,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"460b460d57658b5fd29c5e4934445c33","sha1":"24a724b25ef1401657cafa588835edfb9f7ef1f7","sha256":"93eefe1243dfce9ac06bf199cc9962e610bab6bff4f096662a357d27c9aefa70","sha512":"127d42078b0a87c6d0a70bd359dbcf50844e871ae9e98875a63f2303950b50bcc04fdb72df3f2e157dde3c019355fb67791147d38d6c3c570e1bde1d3b8f31c2","ssdeep":"","tlshash":"a9012428e4680e7b88b80358b4286a07122422075f16354e7fd4878d0f8d8bf20b124e","first_seen":"2025-12-17T10:03:05.72606Z","last_seen":"2026-03-25T09:03:12.863773Z","times_seen":3067,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":39,"dns":21,"connect":1,"send":0,"wait":241,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-01T02:57:01.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 15 Oct 2025 00:00:00 GMT","end":"Tue, 13 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DA:EB:27:B1:51:C0:BC:8E:B2:A9:26:0E:16:A2:B6:2B:F0:9D:BD:E8","sha256":"70:22:61:01:3C:2D:18:29:ED:7E:A1:6E:5F:B9:E1:73:AA:0D:7C:34:A8:2A:C7:A0:31:1C:81:BF:19:7D:9E:3F"}}},"request":{"raw":"GET /ei/infor.html?id=8509602168\u0026i=1 HTTP/1.1\r\nHost: fi.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fi.gt.tc/ei/infor.html?id=8509602168\r\nCookie: __test=02f7a18e11d7f92f587f4d1fc6d129e3\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Thu, 01 Jan 2026 02:57:01 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 11054\r\nConnection: keep-alive\r\nLast-Modified: Wed, 13 Aug 2025 15:32:14 GMT\r\nETag: \"2b2e-63c40dc6d7b80\"\r\nCache-Control: max-age=2592000, public, proxy-revalidate\r\nExpires: Sat, 31 Jan 2026 02:57:01 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11054,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4b877f5cee59255771443ba0ed7b556e","sha1":"87ee5ed6e8afbfb74379685026a4d55624497070","sha256":"c459497751e8c70b2c722e627ab6b580d23ed80be8947f02faa183ba88ea429d","sha512":"d45ab8e0b28a6841d2e04e543c83730b9649d712077e27d4256cc8d1a94c810a4ceb136d2bf78160081110e9a2dfd30afa9ade5eabfdb5ce7d3077cbd2ee2fca","ssdeep":"192:Hro9W6ckdKxi7BHCcRQiUmPA6iws7LMiagIxBfTFilAFseTOIOiXcvqFoejAIRFF:Hro9PW7GRbRFocLlS+/xkUQGl7P","tlshash":"4b32825b64b720126043f0388ba75749b239dc13d10fcc683f9e1684cf866999ee3b9c","first_seen":"2026-01-01T02:57:24.268466Z","last_seen":"2026-01-01T02:57:24.268466Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-01-01","alert":"Detects file containing Telegram Bot API","trigger":"fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Tajawal:wght@300;400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:01.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css2?family=Tajawal:wght@300;400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fi.gt.tc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 01 Jan 2026 02:57:02 GMT\r\ndate: Thu, 01 Jan 2026 02:57:02 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5112,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (649)","md5":"e1e1f38a60954007044c8ab9c5a71f94","sha1":"16100cb3615263e700055b7326051039c85c4459","sha256":"83a5993777bca29547643edbe6b90a885077c7f75b2fd0efaefe7a4b3b6c1384","sha512":"1d13970a9405d89b5ea87e5ee0143c1774cf95122dceb4490730662a14cb880f87d801e10fa4b94120eb986f7b921b71264d6b194088bdc6f6b5b4e44c51e36e","ssdeep":"96:fO1aDA0Zl8DCK9cHBO1adNCOEacA0Zl8DCK9cHBOEaJNCOXarA0Zl8DCK9cHBOXw:VYCln97ClOqwClNc0dClrY","tlshash":"efb1aee4881f42c5bb471d82638d6a27dd4ee1a920c0886cdafd178b9c9bc25736078c","first_seen":"2025-10-01T18:44:32.450243Z","last_seen":"2026-04-08T21:11:16.00107Z","times_seen":61,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":158,"dns":1,"connect":20,"send":0,"wait":32,"receive":0,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:01.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fi.gt.tc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 01 Jan 2026 02:57:01 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18752\r\ncf-ray: 9b6ebf328ce40883-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"6421d693-4940\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1288922\r\nexpires: Tue, 22 Dec 2026 02:57:01 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=6IFRS2i2fRZ8d%2F9ELlkQGNUJ0JfbW5zX7iWmhN3crmwfwyaBpLBeDjgWBt18fI6EhVepcW6iKG2dA76u7Y307dybX%2FTosFsQJxfxFGEvf%2FTzh3Hq0siGMsLH%2FJWX1Px59StNOInk\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":102025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"ded1c367363e8b20bdc6a19b8350a737","sha1":"8c06d82739d14b094ff6d9036021a252bd1d985d","sha256":"1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf","sha512":"89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207","ssdeep":"1536:OwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuZprfZCl:S709gMGFiyPGuZpfZCl","tlshash":"2ea3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T15:05:25Z","last_seen":"2026-04-09T13:25:24.340093Z","times_seen":42798,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":20,"dns":2,"connect":1,"send":0,"wait":10,"receive":3,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/tajawal/v12/Iura6YBj_oCad4k1nzGBCw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/tajawal/v12/Iura6YBj_oCad4k1nzGBCw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 10256\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 25 Dec 2025 12:45:29 GMT\r\nexpires: Fri, 25 Dec 2026 12:45:29 GMT\r\ncache-control: public, max-age=31536000\r\nage: 569493\r\nlast-modified: Mon, 08 Sep 2025 17:57:54 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 10256, version 1.0","md5":"f18eb7346bae415c6367ed0907125227","sha1":"a9e8e937c5afc2f9feb46bfcb8fa854728a494a8","sha256":"b081f7bf790678b56a2c0502651d6873cbabc09e78fe40655df15f918b1e369b","sha512":"87f620cfdfd5c1abddde9d19346cc0ab34fecfa359933fd31517ffd4bc6faad040c033bd89ace9d5ba00b7a51aaac2df73417d99e3535ba970c744312e415e7f","ssdeep":"192:f1Hlb/UvbtLTSjJACmwJCyE5+oa77IdgOpb9d8mKWyu1rPj13BFnFTlqy7:fLKLOnma1WXaypRjVXFJqG","tlshash":"dc22b012a0e8988cde26a1be4eec55ddc12b1f0ff1a70f518c7de58bce51722a05e4a1","first_seen":"2023-04-05T08:50:32Z","last_seen":"2026-04-09T05:20:02.361441Z","times_seen":3212,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":152,"dns":1,"connect":20,"send":0,"wait":22,"receive":3,"ssl":128},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://fi.gt.tc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 01 Jan 2026 02:57:02 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 150124\r\ncf-ray: 9b6ebf342d7f56c4-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"6421d693-24a6c\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1038553\r\nexpires: Tue, 22 Dec 2026 02:57:02 GMT\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=98bL%2BS1XNOSIQ%2Fk0qMKJ9rB2jn34x1wpHO3VeBh7o8LeLtnddpUvbOeM07dz0TCfDrM4IJhIziOIe38jnlZ%2B672H8H97pxRMMIIqaONMEt18x2mq4l4WtIg6S1%2FAH9u%2FErsUQQQK\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":150124,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 150124, version 772.256","md5":"c64278386c2bbb5e293e11b94ca2f6d1","sha1":"6b99aa650bd12a36caa14e0127435d8f4cd3ba73","sha256":"7152a6933ee3d690ec2af3d09da9d701723d16aa3410a6d80f28ff8866f3b880","sha512":"0ccdc1515510d902c0b4a48b863c48bad86e1f766b1f9c890a64e28d91ee7c6d488241c531fc094d15b29c211da71e092587a987e24ee8e67ef8ea99c284e821","ssdeep":"3072:7sCbk7w0ZXdkN6iMjif3Lr7x7wAtf+D7gDk1feXDLnurWHqrNIuv5n0:7sCbkFZXdC7MaLr9w2mIY1feXXurWyNW","tlshash":"28e3123cf2c6d486735f5aeadb79636894fd0a2e74ecc67d26b982112048f828174d1d","first_seen":"2023-04-09T20:30:06Z","last_seen":"2026-04-09T13:25:24.344102Z","times_seen":31232,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":22,"dns":1,"connect":0,"send":0,"wait":15,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fi.gt.tc/favicon.ico","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1","date":"2026-01-01T02:57:02.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 15 Oct 2025 00:00:00 GMT","end":"Tue, 13 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DA:EB:27:B1:51:C0:BC:8E:B2:A9:26:0E:16:A2:B6:2B:F0:9D:BD:E8","sha256":"70:22:61:01:3C:2D:18:29:ED:7E:A1:6E:5F:B9:E1:73:AA:0D:7C:34:A8:2A:C7:A0:31:1C:81:BF:19:7D:9E:3F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: fi.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fi.gt.tc/ei/infor.html?id=8509602168\u0026i=1\r\nCookie: __test=02f7a18e11d7f92f587f4d1fc6d129e3\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: openresty\r\nDate: Thu, 01 Jan 2026 02:57:02 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nContent-Length: 227\r\nConnection: keep-alive\r\nLocation: https://errors.infinityfree.net/errors/404/\r\nCache-Control: max-age=2592000\r\nExpires: Sat, 31 Jan 2026 02:57:02 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-09T13:28:35.973848Z","times_seen":13540758,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fi.gt.tc/ei/infor.html?id=8509602168","fqdn":"fi.gt.tc","domain":"gt.tc","tld":"tc"},"ip":{"addr":"185.27.134.33","port":443,"asn":34119,"as":"Wildcard UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-01T02:57:00.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gt.tc","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 15 Oct 2025 00:00:00 GMT","end":"Tue, 13 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DA:EB:27:B1:51:C0:BC:8E:B2:A9:26:0E:16:A2:B6:2B:F0:9D:BD:E8","sha256":"70:22:61:01:3C:2D:18:29:ED:7E:A1:6E:5F:B9:E1:73:AA:0D:7C:34:A8:2A:C7:A0:31:1C:81:BF:19:7D:9E:3F"}}},"request":{"raw":"GET /ei/infor.html?id=8509602168 HTTP/1.1\r\nHost: fi.gt.tc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Thu, 01 Jan 2026 02:57:01 GMT\r\nContent-Type: text/html\r\nContent-Length: 862\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":862,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (862), with no line terminators","md5":"da99ab5a6d9d1af28fda79284cfc9621","sha1":"a718da4373d401dcd44cdba6a3e3ba3b9c370431","sha256":"0e7a639bbb2eb84fcbf0e455afa3e43170464e323ede3cb3d69e0521148ab419","sha512":"092a2a6629cabf470ebb5ed8887134209edddd6e52122b015fa2dde41b4305c19b9be6af618b38bd3e99048e8acc5b12a6010994082bddc353a764357d8158cd","ssdeep":"","tlshash":"381181f8eca0f4c0cbc000d01477c55e6406daa2f502c8af84c242ed66d1bdc0d89d3a","first_seen":"2026-01-01T02:57:24.272258Z","last_seen":"2026-01-01T02:57:24.272258Z","times_seen":1,"resource_available":false,"data":null}},"time_used":974,"timings":{"blocked":468,"dns":172,"connect":34,"send":0,"wait":35,"receive":0,"ssl":262},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-01","alert":"Sinkholed","trigger":"fi.gt.tc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}