{"report_id":"3f3b1730-b6d5-4d4a-af47-22b9e38e056e","version":6,"status":"done","tags":[],"date":"2025-12-20T23:18:46Z","url":{"schema":"http","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":0,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"final":{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"title":"Gamer Struggles [v0.1.8.3] Android Windows - Jekoso","dom":{"size":67550,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"06201bf9037307a53708f17a25b2a9f2","sha1":"d46bc22c733a66c1841318eda8c720a4724580ae","sha256":"d24e8e1e3a5fd407ef08dd32f277e698fb14cf6f59a2373635f5af939ef2a311","sha512":"0595a70624fefc71662b9cdd9e82abed07847b1d7bf6df590a04cf08ec1d403c7c044e7bc701131b2e3927eddc175b59044857d5d6512266d54c7fc1623be120","ssdeep":"1536:VpRpritiJbObcHuH/FlF/FPFoWEh6QdskDM0+8n9:VpRpritiJbObcHuH/FlF/FPFoWvkDM0F","tlshash":"d863c29a2dd55142860a4264a3fd7b2c2b1c44932c1becfab3d514cacf566bc53ee21f","dom_hash":"domhash37fa84df85cae22f54658f4955cb225f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":0,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-24T23:18:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":25}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA 
rules","description":"Public Nextron YARA rules","scan_date":"2025-12-20","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"jekoso.com/wp-content/uploads/2025/12/portada_69408c9f12500.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-14T22:17:06.291076Z","alert_count":0,"request_count":3,"received_data":44073,"sent_data":1365,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"sighhigherapprove.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-07-12","domain_rank":4139932,"first_seen":"2024-07-13T06:48:09Z","last_seen":"2025-12-18T23:29:40.877366Z","alert_count":6,"request_count":3,"received_data":266734,"sent_data":1347,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security 
(HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"s.w.org","ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1993-12-01","domain_rank":27695,"first_seen":"2017-01-30T04:56:16Z","last_seen":"2025-12-15T00:25:38.951762Z","alert_count":0,"request_count":4,"received_data":5668,"sent_data":1800,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"jekoso.com","ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2025-01-14","domain_rank":948290,"first_seen":"2025-06-01T19:27:48.807846Z","last_seen":"2025-09-07T23:14:48.847934Z","alert_count":39,"request_count":38,"received_data":8229003,"sent_data":21991,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"MonsterInsights:9.11.0","description":"MonsterInsights is the most popular Google Analytics plugin for WordPress.","website":"https://www.monsterinsights.com","common_platform_enumeration":"","icon":"MonsterInsights.png","categories":["WordPress plugins","Analytics"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website 
traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"All in One SEO:4.8.3.2","description":"All in One SEO optimizes a WordPress website and its content for search engines.","website":"https://aioseo.com","common_platform_enumeration":"cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*","icon":"AIOSEO.svg","categories":["SEO","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress Super Cache","description":"WordPress Super Cache is a static caching plugin for WordPress.","website":"https://z9.io/wp-super-cache/","common_platform_enumeration":"","icon":"wp_super_cache.png","categories":["Caching","WordPress plugins"]},{"name":"All in One SEO Pack:4.8.3.2","description":"All in One SEO plugin optimizes a WordPress website and its content for search engines.","website":"https://aioseo.com","common_platform_enumeration":"cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*","icon":"AIOSEO.svg","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript 
libraries"]},{"name":"Elementor:3.28.4","description":"Elementor is a website builder platform for professionals on WordPress.","website":"https://elementor.com","common_platform_enumeration":"","icon":"Elementor.svg","categories":["Page builders","WordPress plugins"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. 
Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]}]},{"fqdn":"descargas.jekoso.com","ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2025-01-14","domain_rank":0,"first_seen":"2025-07-19T21:43:33.883875Z","last_seen":"2025-12-05T20:30:43.562902Z","alert_count":14,"request_count":14,"received_data":6044577,"sent_data":6602,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sister-neia.com","ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2025-06-25","domain_rank":0,"first_seen":"2025-12-20T23:18:49.821723Z","last_seen":"2025-12-20T23:18:49.821723Z","alert_count":0,"request_count":1,"received_data":178740,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"3.66.182.197","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-16T20:59:52.98779Z","alert_count":0,"request_count":3,"received_data":1133,"sent_data":1366,"comment":"","tags":null,"fingerprints":null},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-12-16T05:58:16.815567Z","alert_count":42,"request_count":14,"received_data":499278,"sent_data":6274,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-12-20T06:30:54.466909Z","alert_count":18,"request_count":9,"received_data":12185,"sent_data":7862,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-17T16:26:46.156091Z","alert_count":9,"request_count":3,"received_data":257868,"sent_data":1224,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-14T22:13:59.416786Z","alert_count":0,"request_count":5,"received_data":186947,"sent_data":2740,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-12-14T22:17:32.87103Z","alert_count":0,"request_count":1,"received_data":376505,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"realizationnewestfangs.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-02T06:26:57.543488Z","last_seen":"2025-12-16T07:55:43.565879Z","alert_count":12,"request_count":4,"received_data":9604,"sent_data":4541,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-12-17T07:19:24.346596Z","alert_count":6,"request_count":2,"received_data":1060,"sent_data":1524,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-12-17T17:02:40.749593Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":413,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2025-12-15T00:10:38.606346Z","alert_count":0,"request_count":2,"received_data":4538,"sent_data":944,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-12-16T05:41:41.293486Z","alert_count":6,"request_count":2,"received_data":7818,"sent_data":944,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"3644793c9614c4055b705690e4165b0a","sha1":"b5397baa4d4ade872e3f6d6a8e78efeaf8500856","sha256":"bec172ee92eacc5f0337527cd32d9ba804e5973c09060fe9cbd3d45978b88743","sha512":"e043b439a53c0199d34c5e3f6e544ad1958fb7857e82f54a7e77995d1ad017211db2ea6bdb018ce5ff0292b2e91c2d7135ba1b69e77b8908b7407caa09193536","ssdeep":"96:Og7ovUu2sB99QzSIQZTqFlnLaE6QHilfxaqzk6XnPoLSNp:O8lSczSIQg776dDaH6/oL8p","tlshash":"c4d10ec0e7dd64974aa6318d4c3e29ece03c56b238045cbbfd48fa954465c2e824eb7b","size":6682,"data":"","first_seen":"2025-12-20T23:19:01.078323Z","last_seen":"2025-12-20T23:19:01.078323Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7K1S2B30FC","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4038cb092c8fdbb326d93edac3543978","sha1":"fa4e9ffd4107c8c57dfda1bd31c47a2594bf7cf2","sha256":"ddc9809484d1017af3558407f728cec0902f37ea1817c0c1cc0a4ebdf0f51fe5","sha512":"7d605eb5b6ce03831356e1b67067c1770a9906252ffcecbad161d40beb6f47a70ac6ac94e2bb218fe72af1c5082dd3e3c55b17bf71a1103242b05fdf44e79b33","ssdeep":"6144:5UIe7ma2bulKY/1u99xHDmHYmyBFzvnsdmxWovPad4FpC1u4:3C8bu7/1mbrnsUWdMpY","tlshash":"a98419cd73c670669392a078503f118ba57b69e2f44cc895f18acce42e746aa4237f7d","size":375901,"data":"","first_seen":"2025-12-20T23:19:01.019494Z","last_seen":"2025-12-20T23:19:01.019494Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.3","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ea5bf2de411f7ccb52e57e1415ec3d1","sha1":"23208375068c72b6184c153313eb4f0d1e9bea6a","sha256":"2efe1ab1416a823fc89a7ce3001fa02d6038db18a9b730f16d1a8158e9bddf3f","sha512":"37e8bd051e2f422bf14de69c6ee4643da965d98d99fe7861f094f9b89301e1031a560037508e35906aa87b9c0090efeeed128a43fe9565bde0c0590b30f3f885","ssdeep":"768:6ovEZXteTlaCaedY5+R5SHf7QQipB72z1EuPLkhDWucxooqO:6JZXteTlaCaedY5+R5AipBqz+cxooqO","tlshash":"ccf2c51e30007d2a927b51a6053a3a179233095fad50c11cbd6ea6ee5b7cc4573befb2","size":36748,"data":"","first_seen":"2025-04-16T07:35:26.532191Z","last_seen":"2026-04-05T00:42:04.018303Z","times_seen":25280,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","size":22762,"data":"","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-04-05T01:45:14.950741Z","times_seen":132317,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-04T23:48:21.884322Z","times_seen":10405,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c894b2cc26d31d2360ca6712a6d315f0","sha1"
:"93811d1068e6633128cccfab6fb6770a1e9858eb","sha256":"cd0ed4e841e957cd2d4191e7393fe456cdb9fc96873e1e68a3ebced572e9f74f","sha512":"f9d5d3dd9994f4253f9441c686d4c5bf4ad40c34719b605ce5b6966b3aedd36b6f4cd773b028dff9315c3f52f7bf6d5f7593b0869e85846b958e8c3eb00fe2c8","ssdeep":"192:lfJYLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:lfOLiEWiFiHn1VuexjrHnAym","tlshash":"1f22650405b9da22c40ca02e207e3266fb640963ad7abfd4bbc941045fde95f79b813f","size":10330,"data":"","first_seen":"2025-12-20T23:19:01.079776Z","last_seen":"2025-12-20T23:19:01.079776Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"90e932bd9e62583fc494c00498cfe7f5","sha1":"4f57e11bff609f90f49174187a0b5a6ba847ad28","sha256":"87cee5f49ba0d3017efc409579fc58b91a717f8f14751f7d804447ac9bcbaf4b","sha512":"ed9c129faf972ddfa705f05c3207884e5e9cd175baa45d49ce9d42bc0d01e4e8f36e627731bdd97214b1e2400fdd5012262a42f9800cd4f5565dbf183ba58507","ssdeep":"96:wXDE/3s/0EBM6ZUUCRTH+zl4NsBjcEmDtrGV2C2yics6w1RfGdzsvqZTq:wzg3kBFZYH+zhjngRw2cLzw1RfGdzsvx","tlshash":"56c153847983b970b2337057f0ff48d561baeba575298081964ec4a05d7388ee0a7abd","size":5661,"data":"","first_seen":"2025-10-27T08:47:54.273294Z","last_seen":"2026-04-05T01:47:39.869674Z","times_seen":109125,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.js?ver=9.11.0","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c356ce43a7aa2dc96acfa354a321d68","sha1":"04f641543bf49fed6a06f29bf1ba4cc6e77e6b01","sha256":"736c3be5bc0dc712ae063b5e69335e535aa6c7e9dd5bd5362286054d5a15d095","sha512":"b6d5be3a5c88ee7d30526895b98b243390255ba9829ea88f0f1252f2ea2b09a0a25e2367867ea475176e1c48bc5d6a64c8b319127e48e802fe4d934d2dc6441c","ssdeep":"384:hrA2P77DnwKgOn2palaeciPU0Rd8ZwR+jHwM9pTD+3ukZu42jF15QfC1q1z:hjz7gPic0Rd8a+jHwMHTDguE7","tlshash":"c2d20d0968fb41b14c27a0688bef6049f23556631508ec84fe8d5d19bf58a3da2f8fdd","size":30876,"data":"","first_seen":"2024-10-27T04:34:06.705711Z","last_seen":"2026-04-04T20:44:24.877223Z","times_seen":1016,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-05T01:46:08.108504Z","times_seen":686553,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.15.4","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca2be7699b36cdb54806c8f512492520","sha1":"f054bad5a98ce4d60e9f560c2f93a364efedab93","sha256":"c01fa4f79ce47a5a684b37c31f49b9304499fb1eba255aeb9d03cffb3d7e83ee","sha512":"8a510ae4a71f25b9dc99026fd4b0f883a41821e2774476e8d765eb2cb151d5fcea73168f25cd5ec4170680b3831dd67f21fa0d2245bd2830b8b6872cf3db333c","ssdeep":"192:5nQ998xYO9SkmsKlsLqWOGAOZPSeIWCE+D:5nQ9WxqCLw/WCEq","tlshash":"0c0284467bd25af1ccf23468152a2a3975ab0ed33202e170f828ddd3445c6d6e743b7a","size":8951,"data":"","first_seen":"2025-08-11T14:39:25.499896Z","last_seen":"2026-04-05T01:03:07.585829Z","times_seen":1612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sighhigherapprove.com/ff/9e/5b/ff9e5bb877fc80741d3358d9a4e22826.js","fqdn":"sighhigherapprove.com","domain":"sighhigherapprove.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9bc0c5d803a9fafe0246fd3a4bcdd935","sha1":"c6711d0ec7b33d3b05e29bf7d87bc1ad4ad2d4f7","sha256":"18a47fc5a6fc1cd2ec35ff7adfed70d3964c916e8a71da45451541434e104c85","sha512":"fd40985919e86cfaf2a912b1facbbac2be5da0bd9d3e532814cee2f50c8425d1373a377fabfd55cf75cb823c7da3633b3eb18c335fddeaef642a4340145ed5b2","ssdeep":"1536:H9yUBg8XFOUGtAVTesz3WArOwlNyBv77NzxpQ2jFFwTpjI8:H3B91copUhxpJwNI8","tlshash":"097309487f42b16b5352a073626fd047f0256f1261ecd498d123e6e86f6c33af636b98","size":78779,"data":"","first_seen":"2025-12-20T23:19:01.076005Z","last_seen":"2025-12-20T23:19:01.076005Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/simple-ajax-chat/resources/sac.php?ver=20250329","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"e9f3e4f8dbc133d6d73996f805730b40","sha1":"89dc946ddbbce4f4cfe16451b36bfaff13ab472a","sha256":"5eeed0d3fe5b65a395ff21d5fac95b763a69b4b40db6d2227439e312f8d5f555","sha512":"fea17a466db98b4f91d9869e3e05b189f784ba41411fb59093c17edc1b8cdc3e15e7c6696b4ffa7d1910fd97a23f897a791d15b0b5c3f20898393a9f82bc73cb","ssdeep":"384:n/wY7Kem5Lt27KUaeDnO5JceK9azZNIivW:ot5w7KUbDnOpK9az0ie","tlshash":"4b82d8a6f7db903293f630936d3e72ad912f45b12c426c3a7d2c84503ae0d69a17ed34","size":17639,"data":"","first_seen":"2025-12-20T23:19:01.064364Z","last_seen":"2025-12-20T23:19:01.064364Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-04T23:48:21.884322Z","times_seen":10405,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"4682a8d72c85200744cfce20fe440946","sha1":"9d4641fd4a679628124e422a6b47fa3d83a0c0d7","sha256":"74b82f076423fc504a3ea99d81ae895bdb6f9962d67fbbf4371c6e8ff7f451e7","sha512":"955d7789e0e9988bb1245c6a8812380f88577e9889195d76452027ac8f09e6e74be49df9fea9e5eb5446268229ec598ca9bb5c1eb5192d769e46ed399ef7aadc","ssdeep":"","tlshash":"06e02693e8cbcdee9a0c7bc62afd5ce8c19e10d75605145ac08c6d8b40a02381204e9e","size":328,"data":"","first_seen":"2025-12-20T23:19:01.081406Z","last_seen":"2025-12-20T23:19:01.081406Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-05T01:46:08.130968Z","times_seen":639781,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/astra-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"60d72450a6829bb918b07075e6273d16","sha1":"fad4e52c06b86b8df6a4220707aad9c01ff74f7e","sha256":"4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9","sha512":"77307ced72814f611ffe6786fa16a3d81356476cd60581c08441eeb3c365c4937cf4a8b781411f129443306a6ca39ade298af0762edc34ac34ee001d27e9d28b","ssdeep":"192:tXCj6InyYlqqOre482UO7N1gqts1SIVje5L1Cd+eLXPMo56MxdC:u6IyYlq/i482UO7NW1vV65AxrUowMxdC","tlshash":"2dd1b63a3224d9380bfa4aefb978e3d4f464b419f90392e4c99ccf0925b5d43139476a","size":6581,"data":"","first_seen":"2024-01-04T16:48:42Z","last_seen":"2026-04-05T00:55:14.970805Z","times_seen":10588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/wp-emoji-loader.min.js","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"01a59fab1202b9c5b6f826242e051c4f","sha1":"f6c4e12dc605292d757c27918cee3b5fdf3b2415","sha256":"c87f5e5cfdc4c2289fe260838b4350fc5f7f6bde5e2797626d3d99e9e5dd6cce","sha512":"aebd3ad6a76c5ab3c4754a1251c9aad69a036d107dae62818e906b827a5c4ebdf4790905ffd1276ede7d5ac2944b19654a790334ca46b8dcf684eda53e5e8226","ssdeep":"96:cvcHtHRA5NTDXnM2E0+1lfYsPHgRhR3Sm:5N0LE0+1lfYsvSN","tlshash":"54919796e77638dbb2f900f2697a0d47e7614435d6c8d438c9bda3141cb58a3c274a46","size":4542,"data":"","first_seen":"2025-12-20T23:19:01.082683Z","last_seen":"2025-12-20T23:19:01.082683Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"4129d83f602fe86c5d8110291a188394","sha1":"a8072653f730de1216a506c723d1e39ab3d0acc7","sha256":"899060604cff90ded46e59fc296de751f703745832a3edd421926d3198c24741","sha512":"73c88b513f0361103261dfc0ec405cf9caab9b6f208e7a3146029370cca444ac66a40f4dd094fdd373bc76e584b4637d53851b0c41b0c4b45dedfadbbce816a3","ssdeep":"","tlshash":"4e41312a217621300ee752eb7fca17497526020bf988ca443dee4a582fd6ec450a53f9","size":2319,"data":"","first_seen":"2025-12-05T20:30:47.788829Z","last_seen":"2025-12-20T23:19:01.084109Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/jekoso-live-chat/assets/js/chat.js?ver=5.2.0.1766271720","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"efa60bade70aaa1528d2f18041c0b1e0","sha1":"427f74c1819cafaa112d94a463bb68764ffd3a31","sha256":"218f8a79e03ea94efcc96981ca021a27a371d9e4e44e052d49f9d24fe77fc2d7","sha512":"f4e34a8a9c1757510ab54189ff30695e1eeb57d7ea2dda049be8d42fdd11994125ca8555ecc6287c9dd49c2d08ca84d728ecdebd6c11a555c137e742561958fe","ssdeep":"192:PF6p2MrYW07Icb4apQN1rO5SBltC46HFkP2rHxKQIpRkV5YzT2oQBc4ASBVhT9rc:kk3IcbUZz2tISYTV6lZrkHd","tlshash":"bd42412ef2eb39650073397eaa7fd2022f36542b100ecd507a7c65c41f50a95b66aef1","size":12747,"data":"","first_seen":"2025-12-20T23:19:01.048151Z","last_seen":"2025-12-20T23:19:01.048151Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/js/script.min.js?ver=2.9.69","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"dcc26211c0a5577eefdf3f155fd0c1ca","sha1":"6dc24aa8e45fbee6b243ca3b38137b6be425ddfd","sha256":"a43aaa137a47a789200c1ca2fda1ee3e2d66cde8ad727b4850ea7807461ca3de","sha512":"2bc121e450c82f1547d7c268baef564ab668d88368fdc5495b79f4c130a09030e8b99b83a4361f866314bc0cd45d4ff48f3a561497eb5ff1b5e3d98bf7160575","ssdeep":"768:Zd79X74aFOFKD03hU8LqV39QrOa4W5bGyF0F0t9zH+a6g7z1:CLqsrOnW5bP9a6","tlshash":"d6439915fbc0a1f410f73629f0f720d1dae96de3f05498b9b42a85b565abd40e0e2b39","size":59860,"data":"","first_seen":"2025-06-09T08:00:07.939816Z","last_seen":"2026-04-04T20:56:43.075696Z","times_seen":127,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"856610dd6a17f87a35dca824edec1235","sha1":"635fd0e4a715c3f008fa2ac898d65e40166c26a9","sha256":"ebfb9ee93927392c57c529518d4eb6a53ff57bc04ddba1c3dda4b423a02722c3","sha512":"2556be22ffce087aa0f542d5b5ebcfea4cb4219d640116fb866280a6e19afb2844667ba3fe4fc5fcd009abe4b4490d181818be155a87950449ec748543984bdd","ssdeep":"","tlshash":"5121eee22a0e18344ca3369f625f578ce8b221576402968e412dc45c2e789d793bedbc","size":1146,"data":"","first_seen":"2025-12-20T23:19:01.085581Z","last_seen":"2025-12-20T23:19:01.085581Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/filter-grids-b2a8075ed2-js-extra","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"60497caddef0c081c5abaa472f43abd7","sha1":"4f18d4181cb3e823fcdd1f
98d165d571ea958ade","sha256":"33ae4ef4d4cd905068b91513c57ba6ac112c2c2a326b36b88447dc69efb3b29b","sha512":"c27661a9dfceab7c231e723c8b0e35831adb7279ee6a2d8958fcd83efbb724b0a575e7288e4293d2a7af31f1ce174474732983fc4dbc5af78fe7114e5aa765ae","ssdeep":"","tlshash":"6731a7b3dac84e4787d35ff450107ab6c17993e7f8905cc66b8dd04840a79b3e9a5146","size":1810,"data":"","first_seen":"2025-12-20T23:19:01.086868Z","last_seen":"2025-12-20T23:19:01.086868Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T23:48:21.876835Z","times_seen":13234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"68db7f1e04c791965551f437e73be094","sha1":"44323cce51f1edb11dd4cf0b414f213f7c44d4e2","sha256":"c4a1ae00dd7f99d821537a9512dc5cb4179bc3dd32c629527fe385c1df6f45e1","sha512":"96674edba4f7a3b0c911ee43875c463f33072e41a029e27a39bdc70fe2ecbc3e1e6741438618fb2d5e10343a4b7019f4e190b44b885f016d2e1855fce2cbedb3","ssdeep":"","tlshash":"08219ebd2f24597050fa626b654fb79c2e7e20c2901618296cadcc881fb0dc8156afa7","size":1134,"data":"","first_seen":"2025-12-20T23:19:01.088026Z","last_seen":"2025-12-20T23:19:01.088026Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"6e434b0b4f43ec7216073eed1f3ffb51","sha1":"8d8a4ab1ed63889095bdf38ba646319b639feabc","sha256":"dd0ec57abf154d52c161fae92db6014f042417d9660679097ae55287041ec52e","sha512":"20978b9f1afc586c91351ef67791224fb5469004a1ebb5af608a05f643103a358e605d2c54cdba2174bc35c266ec963690d5d1fc3f80a045f4c33fc5f67b9ab7","ssdeep":"","tlshash":"6d110cf3b3dd907fbaae6d66193402cd6a1c90735c100a5bfeac3575cc8042538b1d40","size":922,"data":"","first_seen":"2024-04-08T18:49:14Z","last_seen":"2026-04-05T01:48:15.457392Z","times_seen":176299,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/wp-statistics-tracker-js-extra","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c535c07096cb0f78fe6ac43555cab59","sha1":"81e8f553b86b6203f021f26302fc965f63a15f04","sha256":"d3dd4a3cee81ebd90cd7e6be29bf39c502f83802c63270
2f95531fa2f452d01f","sha512":"2e2686e45e705af605aea6d7e2d0a99ab99d07dbd3705136b956a1fbd4d7443ed7733fb41dea1cb93340984f40d6a91166e3020e50d9792119b9bbe2746dc244","ssdeep":"","tlshash":"bb514461fec54d7119c17bf081487e3516eac983e4548e74d3685e0e01edef93315202","size":2478,"data":"","first_seen":"2025-12-20T23:19:01.089901Z","last_seen":"2025-12-20T23:19:01.089901Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/jlc-js-extra","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6731f483b3ab3f26e4796f79ab5762a3","sha1":"950f77b883341597875f6bedf1d04b3abf3f1a34","sha256":"6e10446ccbaf14a479b4afe4cccc3988e22b0e5ba28572785f3236839b3d25a7","sha512":"cd4b119d74ce45d5c036fbb59ade2e909b526811b08e68f4416358c5587c7668ab76afc40a0be1cfc4629a0f8b510232febeb1bcfce575afe4cf46ef84050907","ssdeep":"","tlshash":"d3312057ead88d835ae645f8300897251c8e5262f881dc95a019488820f54739400441","size":1854,"data":"","first_seen":"2025-12-20T23:19:01.090864Z","last_seen":"2025-12-20T23:19:01.090864Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"3688fd64c409264431201fa55a828e81","sha1":"2b7eeefaa1edf3a7621f7576b35b01c895ef5367","sha256":"944433761a880eab1d567dd5389499af76aa03582c82a8aa88838e3c6c2134c6","sha512":"1393fe2f189899d68717be994820d19a7e89660ea5cd90cf4a2d3dd07b41c95c2f63a3a0833d2407f16be6a3eae698ab549eac52d4ffc82bcd2da0e4e46da210","ssdeep":"","tlshash":"bae026faea5a457101e6a1237bce739e293665a3a92a4c402899ce806838dd31126ed1","size":333,"data":"","first_seen":"2023-03-07T01:02:35Z","last_seen":"2026-04-05T00:29:52.314333Z","times_seen":32936,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.11.0","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae769a2b59df43b99eacb70df55fb811","sha1":"0087a940209ac6e75a5ae7060cb13008b5218d08","sha256":"e1d8d99d3074de7fc8747888add39735ddbe463a6f8f31b66e16193886f2afb5","sha512":"de67274ec9ea13f63c882107b8901bce09c96f270e4422a78e62dbae3765fabc7c04286249c56982f897ab0bde7b42a590cd16a0ab49d1cea46fe0d466c7018d","ssdeep":"768:uYEPx60boEcFDTHjGQoDo3oEK2AfR0cLltNmx6Eq2V2YYNuf6VzS50tyzQ6AuNdc:uYEPx600yMKNfRll/mx6E5DCdSLVNdwN","tlshash":"4db281a623002a3604fe17e7f5daabc47671109ffe0944155878cc6e19a8fd352f1afa","size":24658,"data":"","first_seen":"2025-04-15T12:46:58.943377Z","last_seen":"2026-04-04T11:51:44.213936Z","times_seen":1536,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"cec5cbd3e1af021ff6ec997ca86a9e59","sha1":"6b3ccaa55b74c0f10d05fd33e1e861992eef2933","sha256":"351b4ae1d2f7f7ba17662fe0ccc1816f98e5cf3194edb01d80db5752d2917501","sha512":"411af22636d41b9f09d8e0e8e60620b7dbeddde7b4fcab5b10566bb42ac3ceff31481fe76c5370dcb8ec8656f1fe3f48e97e5d96e72540bdd9c5e13898124c07","ssdeep":"","tlshash":"38d0a91002d22e0176db8ca290218fa8b0fd92a0d1d4f08daa7c864862e6a1a1a68209","size":222,"data":"","first_seen":"2025-12-03T04:13:05.672894Z","last_seen":"2026-04-04T23:38:36.166695Z","times_seen":656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T23:48:21.876835Z","times_seen":13234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sighhigherapprove.com/96/e4/a4/96e4a480ec763abaa308e52020e898e1.js","fqdn":"sighhigherapprove.com","domain":"sighhigherapprove.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"43c7935c1153f8e9a41fe6c097c4b46f","sha1":"49eb6a7aea9fd893335a72127af27ee14cbc7aa1","sha256":"c1840fb34edbb6332dadb3f1daa0ad65f2dfb541278effeba7fd212be7ffeefc","sha512":"3d2fd7332876a053cd0ba6054a973ac042bcacdd4ebc34bd1837699afedd4bd63a0920749bf2d9d6f433fe6fad82f2bcc86d85bae5403e3f7e02a31be7404524","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imfS:qXLD33COgu+bAKaSw","tlshash":"87a3cad97f40f06d4271607a113fa00af25b0e46688cd59ce117f6a42fa866fe57ef28","size":106587,"data":"","first_seen":"2025-12-20T23:19:01.040315Z","last_seen":"2025-12-20T23:19:01.040315Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sighhigherapprove.com/ff/9e/5b/ff9e5bb877fc80741d3358d9a4e22826.js","fqdn":"sighhigherapprove.com","domain":"sighhigherapprove.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d4fd3ea03fc5833956951ec1abc3f666","sha1":"7d67a4f5cdc45adb419b9b252362760f97c00a5c","sha256":"084556eea8d9c977cdffd7f17f290cf6e8e9c7e06cb295dacb82b4be63191502","sha512":"02c21b3d05701def2ddd2dd79e0c1afb9c224b4e4ec17dfa3bb742845de74c5991995eb2a803666c9d829fd2334e294cbbe8fec0277ca05af2311d8aaa4ee69b","ssdeep":"1536:k9yUBg8XFOUGtAVTesz3WArOwlNyBv77NzxpQ2jFFwGXjI8:k3B91copUhxpJwmI8","tlshash":"6e7309487f42f16b5352a073626fd047f0256f1261ecd498d123e6a86f6c33af636b98","size":78827,"data":"","first_seen":"2025-12-20T23:19:01.021923Z","last_seen":"2025-12-20T23:19:01.021923Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/starter-templates-zip-preview-js-extra","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c0843e788f4580e4b2812bbed5ffa4d","sha1":"599e2d8b05f3088096d67339e27723ecc9d9da21","sha256":"9ef92001d948802f635746784923b2b565d55e703bbfc8646445c19010a86259","sha512":"6b1336a2d0d904b8e46d09ad5532d0cf27ed361f2a25156c2b1d25ea0d9dcdc113d42db3451754a6894c3a7461293fdfa2401ac076f1b31eb9996ee39485210f","ssdeep":"","tlshash":"41419224f27419b2057389bdc51fc2a8949d6a43cd2ed709bd5dd96c21e675f0914703","size":1920,"data":"","first_seen":"2025-12-20T23:19:01.093118Z","last_seen":"2026-03-24T20:13:04.71612Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T23:48:21.876835Z","times_seen":13234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"da215ae12b95b3aeeb2047667016c7f8","sha1":"480a7087aa74b5b47c47f05a11670e823a3ae4c0","sha256":"699210a5ed06e497b4730ec83bb65ac4c2269ae4a0ee8af3f24aae7ee5b66b76","sha512":"d256ddc828c06f7b84f7df706a4481928a186ea6d3e1358254a1ec02f403d72d2f3aecd682a93aad61b8f236f17dbcf7e6ca100f78c30a348682bf8ee125d8ff","ssdeep":"384:G/rsrDr8LVyraS3dtrqorqr8hrpCip8fuxNhlGX0CiS9rH/OrLrErJ29FkFvd:iS33ZdvK47kv","tlshash":"06a2d94eb246380586f7a2a5402f521fb132e25cb105c8ddf468d8da3c7eea95173f79","size":21464,"data":"","first_seen":"2025-04-15T23:53:17.313193Z","last_seen":"2026-04-05T01:48:15.426454Z","times_seen":218288,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c894b2cc26d31d2360ca6712a6d315f0","sha1":"93811d1068e6633128cccf
ab6fb6770a1e9858eb","sha256":"cd0ed4e841e957cd2d4191e7393fe456cdb9fc96873e1e68a3ebced572e9f74f","sha512":"f9d5d3dd9994f4253f9441c686d4c5bf4ad40c34719b605ce5b6966b3aedd36b6f4cd773b028dff9315c3f52f7bf6d5f7593b0869e85846b958e8c3eb00fe2c8","ssdeep":"192:lfJYLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:lfOLiEWiFiHn1VuexjrHnAym","tlshash":"1f22650405b9da22c40ca02e207e3266fb640963ad7abfd4bbc941045fde95f79b813f","size":10330,"data":"","first_seen":"2025-12-20T23:19:01.079776Z","last_seen":"2025-12-20T23:19:01.079776Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/astra-theme-js-js-extra","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d3b517fd6d46d2a0c9e29b37148dab6","sha1":"3ddd0befe1e4dd6bb1d46d2084885fdf9703170f","sha256":"6b9ae8ee4671d61d0407cd9a8e37fe0243b42bfa1954b721837f51906867a2b0","sha512":"e5d71d57616e02089fba629501365feec4dc51bb3b272e6910340e2354217337a163b1ae09e0d0be77aa9d9ba7f8acd6d14f09765a3cfa9035ff1eff9216dbd0","ssdeep":"","tlshash":"4131a710c2d21d0176d78c7250118f64b0fd9190d1d4f08d9a7c454862e6a1a1668109","size":1767,"data":"","first_seen":"2025-12-20T23:19:01.093972Z","last_seen":"2025-12-20T23:19:01.093972Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/comment-reply.min.js?ver=6.9","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4a49df71f8b98c1d9f9d8fce74d89e8","sha1":"b95fcda0c8c26305ad94e80343d0cfca8a048a10","sha256":"9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f","sha512":"42cd5f854779886f24c43ed14617380110c946d1b430b454060c3b391de6fbae6d0ed8ab7cdd7cfdc9726b2d6142a4e01c4448e36088dfcee7fdd00b60909f89","ssdeep":"","tlshash":"5051a7d437c95d762a83b3395efe930271712709a50805608826c86931bcfea63b67fe","size":3026,"data":"","first_seen":"2024-11-13T06:33:24.856382Z","last_seen":"2026-04-05T01:47:39.878528Z","times_seen":57115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4bc17cc45ca91ab0f09dea134975c51","sha1":"3c03312717fb495c051d02a3d27ec0d8abc2557d","sha256":"5a43a22e48f94b7a45a9a9b1a107f197213b73307fdfa2e6b2daadab264f94d2","sha512":"f8e537a2168b94875bb7ddb9a20037c5bc79831c8b4e726f224f8d7c723c5c4b4512551697cf7bfb6ce4b5f8365dc1c027107ffe3435ea27c686f5ae96d921e7","ssdeep":"","tlshash":"bbf0d4705445edf071bc80e6442d53c1b5219039372270f14b8cdcb569e0f96127ede7","size":457,"data":"","first_seen":"2024-04-03T10:12:48Z","last_seen":"2026-04-05T01:51:57.885062Z","times_seen":82185,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/js/masonry.js?ver=2.9.69","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"cfe8cf7a1a910953efbeef75326f1832","sha1":"7e8427208711fac93baf67d1b38f59e4c88f533a","sha256":"dae18e7a49f6235c9ef93579250f2521b2b11479652c17983d583721311aeb5c","sha512":"14a1c7f77745bfb61e34898fdf57f573f662d8e1a59fb9890f8986051652a5205b81d2b6899bcd3a9e00e4b1f30e9c285391f2af02e024c3b9530cec72da1503","ssdeep":"192:+ZkfJ4wCGoKCpvgIoM13AnIKneiQMnpfEtb:+cSn+CBfou8/oMpfY","tlshash":"f9f1a658b381b431d297b07e446f010bf239a829a599d4c4f339e4e29df585e527bf38","size":7784,"data":"","first_seen":"2025-02-27T20:13:31.011626Z","last_seen":"2026-04-04T20:56:43.066854Z","times_seen":130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"jekoso.com/wp-content/themes/astra/style.css?ver=1.0","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/themes/astra/style.css?ver=1.0 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 04 Nov 2025 19:22:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a527c-1321\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4897,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines 
(921)","md5":"61b939c1d1f2639f3a57704826b0bf84","sha1":"db7065ff3bae8edb624da79a24310a0e158dcc82","sha256":"90e622b0a9d61ec433b2ed8a64890903db4cf2c4e97cd02afbea944f09d429ad","sha512":"558920b0a3f1e7b917c605d01cb6ac6e759e4c30c219c9853214c6e46738fdbc5c99b8d1537a281e42f60cd3b0c5a2a8e63532241cae91c8320bb2cb2b2d78d1","ssdeep":"96:xQGtY5aTPKPKeg5c8wBto6ASOhEVyH3wvgoPj+yNzICMNnU3eQ9:xQY4aWLGwjo6bOhE0H3wvgoPHNzLcQ9","tlshash":"2ba1c7f7930601321f910bebfa867099e72ad149f5a850d0f49b417c729893d6bb1678","first_seen":"2025-06-09T08:00:07.901072Z","last_seen":"2026-01-03T19:55:30.087499Z","times_seen":6,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":1,"connect":68,"send":0,"wait":68,"receive":0,"ssl":75},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.js?ver=9.11.0","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.js?ver=9.11.0 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Thu, 18 Dec 2025 23:51:43 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"6944938f-789c\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30876,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII 
text","md5":"9c356ce43a7aa2dc96acfa354a321d68","sha1":"04f641543bf49fed6a06f29bf1ba4cc6e77e6b01","sha256":"736c3be5bc0dc712ae063b5e69335e535aa6c7e9dd5bd5362286054d5a15d095","sha512":"b6d5be3a5c88ee7d30526895b98b243390255ba9829ea88f0f1252f2ea2b09a0a25e2367867ea475176e1c48bc5d6a64c8b319127e48e802fe4d934d2dc6441c","ssdeep":"384:hrA2P77DnwKgOn2palaeciPU0Rd8ZwR+jHwM9pTD+3ukZu42jF15QfC1q1z:hjz7gPic0Rd8a+jHwMHTDguE7","tlshash":"c2d20d0968fb41b14c27a0688bef6049f23556631508ec84fe8d5d19bf58a3da2f8fdd","first_seen":"2024-10-27T04:34:06.705711Z","last_seen":"2026-04-04T20:44:24.877223Z","times_seen":1016,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":121,"dns":0,"connect":0,"send":0,"wait":68,"receive":1,"ssl":72},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/694375596331e_fighting_improve_2.gif","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 
GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/694375596331e_fighting_improve_2.gif HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2557855\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-27079f\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2557855,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 426 x 
240","md5":"98c9dee0635be71c93605b6178834043","sha1":"5f453d520a5f58a7ce0336c6c3733ca0fc84e348","sha256":"b59d36935a922e3628a1955a9834bdbf0ee5c745edac85e7f7c47e9573508bbe","sha512":"c6821597188a9d5b1c715c53146afff20681c326ffcd282b90cbf36ebc2c92b9ef02e97bbb9fda8065a21b46cc92364fa0e1465d230a6326d9b7de8059dbe7af","ssdeep":"12288:5NO0GZHPV12jk0zhvcNVesrJoL2gHy0C31owTmZcBXhZr141pGVfnx2kMYP+t1ep:Pyd1Uwmgg56GcBRZx4G75Q8q+1","tlshash":"cf25335649b39512ee7a235bc18c05c17d0bf2327a312abce98af8e715713b1e293177","first_seen":"2025-12-20T23:19:00.998622Z","last_seen":"2025-12-20T23:19:00.998622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1673,"timings":{"blocked":1222,"dns":0,"connect":0,"send":0,"wait":59,"receive":392,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sister-neia.com/wp-content/uploads/2025/12/20250912_164813.jpg","fqdn":"sister-neia.com","domain":"sister-neia.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sister-neia.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 04 Nov 2025 17:04:57 GMT","end":"Mon, 02 Feb 2026 17:04:56 
GMT"},"fingerprint":{"sha1":"F5:85:9F:64:0E:82:65:D9:F6:57:3A:6B:DB:06:5C:0F:65:30:C2:29","sha256":"87:FD:90:E6:C0:EB:02:D1:A5:B5:F8:FA:DE:68:9C:BC:E8:07:43:0E:7F:C2:0B:16:F8:13:F6:67:7F:B2:A2:AE"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/20250912_164813.jpg HTTP/1.1\r\nHost: sister-neia.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 178496\r\nLast-Modified: Tue, 02 Dec 2025 02:58:53 GMT\r\nConnection: keep-alive\r\nETag: \"692e55ed-2b940\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":178496,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 947x947, components 
3","md5":"635980f7a663eb4490cf62118ced8502","sha1":"5573c9c5a0c4fc0ff671ec3f6759e799553d08d0","sha256":"9bace78687e36c3196a69522c203c42ae9707b164777a347d01d70abc461950f","sha512":"ee30ee0b498715e3ec757da15f3fe47c0f209edcabb75b9ac8bfba395b27cd7d3eb45feb99b05a56e61264da83438a227f0d77ea6ad166e13012a1e11e67a008","ssdeep":"3072:Oyl88zqgwzwJ5CkTU2vROJBNg8bi+oTumg3JiSWz6DE4FrMIFaOvMmONqgqi:OylZPwErlppOPbiDum8iSWz6DE4eIFdW","tlshash":"cc0423205aa897f4b52ff4253f1d928783dd208682bb0d06cd54f766ba494c5cb3d8bb","first_seen":"2025-12-06T01:54:19.322276Z","last_seen":"2026-02-08T08:11:00.764492Z","times_seen":7,"resource_available":false,"data":null}},"time_used":658,"timings":{"blocked":283,"dns":1,"connect":58,"send":0,"wait":107,"receive":138,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.11.0","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.11.0 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 20:14:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5e9e-6052\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24658,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (24658), with no line 
terminators","md5":"ae769a2b59df43b99eacb70df55fb811","sha1":"0087a940209ac6e75a5ae7060cb13008b5218d08","sha256":"e1d8d99d3074de7fc8747888add39735ddbe463a6f8f31b66e16193886f2afb5","sha512":"de67274ec9ea13f63c882107b8901bce09c96f270e4422a78e62dbae3765fabc7c04286249c56982f897ab0bde7b42a590cd16a0ab49d1cea46fe0d466c7018d","ssdeep":"768:uYEPx60boEcFDTHjGQoDo3oEK2AfR0cLltNmx6Eq2V2YYNuf6VzS50tyzQ6AuNdc:uYEPx600yMKNfRll/mx6E5DCdSLVNdwN","tlshash":"4db281a623002a3604fe17e7f5daabc47671109ffe0944155878cc6e19a8fd352f1afa","first_seen":"2025-04-15T12:46:58.943377Z","last_seen":"2026-04-04T11:51:44.213936Z","times_seen":1536,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":146,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 
GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 20 Dec 2025 23:18:25 GMT\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-02-19T22:23:13.628811Z","times_seen":6025,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: 
fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 16 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 359750\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 
1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T01:47:14.77811Z","times_seen":715655,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_69436df5e4700.webp","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:31.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_69436df5e4700.webp HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) 
Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703; pp_main_96e4a480ec763abaa308e52020e898e1=1; sb_main_ff9e5bb877fc80741d3358d9a4e22826=1; sb_count_ff9e5bb877fc80741d3358d9a4e22826=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338144aa-a1d5-4374-ba0e-ec3cb06266fc%3A3%3A1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=sourshaped.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:31 GMT\r\nContent-Type: image/webp\r\nContent-Length: 55992\r\nLast-Modified: Thu, 18 Dec 2025 02:59:02 GMT\r\nConnection: keep-alive\r\nETag: \"69436df6-dab8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55992,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 554x983, Scaling: [none]x[none], YUV color, decoders should 
clamp","md5":"6618404cbe04ad40a9a2766d2498835e","sha1":"8f18a30c2c4d00e146252611d78f01c5bcea61ce","sha256":"1e5734a4dc0e826fad56e73aa4ec93da5f36acba4206efc908670b5051f39450","sha512":"9235ac2451d9d93d0da74880ab89dd1c1eca119a3289ad16625969fc62689882020cc13c9d92cfa46daf06281b3d33c5fcac7cb678b740546995ec9b629c218b","ssdeep":"1536:1rSPP1HwpnNBePX1ii4+MY0wq8TRm5VeR58/3PM:1eH14nNBe/siXNC8m5VeR58//M","tlshash":"154302bf0db9d11bc61b16036ee00ac259bf3decb4c3edb4841e19a4ca65170f6a5786","first_seen":"2025-12-20T23:19:01.018526Z","last_seen":"2025-12-20T23:19:01.018526Z","times_seen":1,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-7K1S2B30FC","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:49:40 GMT","end":"Wed, 25 Feb 2026 15:49:39 
GMT"},"fingerprint":{"sha1":"A1:49:37:FE:E0:3E:26:88:A3:64:37:DC:04:D7:8D:D1:D3:F3:91:75","sha256":"BB:61:22:1A:6C:67:5D:C0:C8:A6:73:93:B9:53:82:98:95:54:B5:52:8B:33:FC:08:58:01:D2:3B:FF:E6:35:12"}}},"request":{"raw":"GET /gtag/js?id=G-7K1S2B30FC HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 20 Dec 2025 23:18:22 GMT\r\nexpires: Sat, 20 Dec 2025 23:18:22 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 130026\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":375901,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines 
(6031)","md5":"4038cb092c8fdbb326d93edac3543978","sha1":"fa4e9ffd4107c8c57dfda1bd31c47a2594bf7cf2","sha256":"ddc9809484d1017af3558407f728cec0902f37ea1817c0c1cc0a4ebdf0f51fe5","sha512":"7d605eb5b6ce03831356e1b67067c1770a9906252ffcecbad161d40beb6f47a70ac6ac94e2bb218fe72af1c5082dd3e3c55b17bf71a1103242b05fdf44e79b33","ssdeep":"6144:5UIe7ma2bulKY/1u99xHDmHYmyBFzvnsdmxWovPad4FpC1u4:3C8bu7/1mbrnsUWdMpY","tlshash":"a98419cd73c670669392a078503f118ba57b69e2f44cc895f18acce42e746aa4237f7d","first_seen":"2025-12-20T23:19:01.019494Z","last_seen":"2025-12-20T23:19:01.019494Z","times_seen":1,"resource_available":true,"data":null}},"time_used":599,"timings":{"blocked":245,"dns":1,"connect":16,"send":0,"wait":44,"receive":46,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.11.0","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.11.0 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; 
Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 04 Nov 2025 20:14:15 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5e97-b2ab\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45739,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines 
(43557)","md5":"7aa9be2b6bc3772350fa1059d461af6b","sha1":"25b94188cde43738f3a0e658b22401a534e5be48","sha256":"44622e9d59e3d2c9c4ffb9fc53d368e250f382ab07a3df978410eaa86556cff9","sha512":"8d47800211a8f5f6f563b4cbb3e07d41eb6041caf2763b8e51e203b732cfae06e25485b6483004ed8cf06807ba18ac84230899cdb58dd9f052eddcbd88f29de7","ssdeep":"768:mR7Ork1rhDYollnk+FHkqYCzxdvN3JR2/WLmiyCFS7OHQtBU5PT1enhm2a7ZAR2s:mVVY+tHQtBU5PTwDuaP","tlshash":"5623e86057d035391233873efad6bd082a694313d74f26e2f8ab8668c9c57c71a72a4c","first_seen":"2025-03-07T03:37:02.022924Z","last_seen":"2026-04-04T23:22:48.303272Z","times_seen":2443,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:27:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5387-15601\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-05T01:46:08.108504Z","times_seen":686553,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":95,"dns":0,"connect":0,"send":0,"wait":73,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sighhigherapprove.com/ff/9e/5b/ff9e5bb877fc80741d3358d9a4e22826.js","fqdn":"sighhigherapprove.com","domain":"sighhigherapprove.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sighhigherapprove.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:31:31 GMT","end":"Wed, 04 Feb 2026 21:31:30 
GMT"},"fingerprint":{"sha1":"69:53:6D:9D:79:68:86:77:2D:27:FB:9E:D2:07:F7:1D:66:96:A9:9A","sha256":"12:EB:22:E2:31:96:89:64:7C:5F:FD:2C:B5:EB:B3:EC:EE:98:AE:C8:03:FD:54:0E:70:D3:B0:3F:D7:2C:9C:0B"}}},"request":{"raw":"GET /ff/9e/5b/ff9e5bb877fc80741d3358d9a4e22826.js HTTP/1.1\r\nHost: sighhigherapprove.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30186\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: sighhigherapprove.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d8ff78dd5792a7171c2d1d5076762c48\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78827,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d4fd3ea03fc5833956951ec1abc3f666","sha1":"7d67a4f5cdc45adb419b9b252362760f97c00a5c","sha256":"084556eea8d9c977cdffd7f17f290cf6e8e9c7e06cb295dacb82b4be63191502","sha512":"02c21b3d05701def2ddd2dd79e0c1afb9c224b4e4ec17dfa3bb742845de74c5991995eb2a803666c9d829fd2334e294cbbe8fec0277ca05af2311d8aaa4ee69b","ssdeep":"1536:k9yUBg8XFOUGtAVTesz3WArOwlNyBv77NzxpQ2jFFwGXjI8:k3B91copUhxpJwmI8","tlshash":"6e7309487f42f16b5352a073626fd047f0256f1261ecd498d123e6a86f6c33af636b98","first_seen":"2025-12-20T23:19:01.021923Z","last_seen":"2025-12-20T23:19:01.021923Z","times_seen":1,"resource_available":true,"data":null}},"time_used":516,"timings":{"blocked":-1,"dns":40,"connect":91,"send":0,"wait":97,"receive":91,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7c7cdd73ea238188e9a6ecde0e81fbae\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":62,"dns":1,"connect":17,"send":0,"wait":18,"receive":2,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.w.org/images/core/emoji/17.0.2/svg/1f44b.svg","fqdn":"s.w.org","domain":"w.org","tld":"org"},"ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.w.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 19:44:42 GMT","end":"Sat, 24 Jan 2026 19:44:41 GMT"},"fingerprint":{"sha1":"FD:D4:B7:E9:AC:7B:28:11:0D:96:A9:CC:26:88:07:21:A3:BD:51:DE","sha256":"E6:36:0F:D2:9B:17:E4:A8:11:A6:86:BE:23:8C:5A:3E:36:6A:2E:39:90:F1:28:C5:6D:5F:8B:4B:3E:FF:1B:12"}}},"request":{"raw":"GET /images/core/emoji/17.0.2/svg/1f44b.svg HTTP/1.1\r\nHost: s.w.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 23:18:24 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 07 Nov 2025 05:21:38 GMT\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-nc: HIT arn 25\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=HIT;dur=0.0\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1618,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"df7ba0f4020ca70048a0226d1dfa73f6","sha1":"416968aebe0a4a2405100efa809350ca000668ad","sha256":"1c8231e24838de4ad2d966d5cb48563a2a6e540a15848d337fa3c466d0730775","sha512":"e68d3d5ec28f34d1181758ead8c670d88377d2e53d0ab86a59771a98f3a06b89d84347db2a2ae44b987c6bb934b198a35a82fcb876b329c16dd5f4457aa651ed","ssdeep":"","tlshash":"0a3144c23fb4e17804eed3d18f1ad5396a2a906993730ae0843d5b495047987f057ba0","first_seen":"2023-04-06T20:35:31Z","last_seen":"2026-04-04T22:59:20.739216Z","times_seen":3385,"resource_available":false,"data":null}},"time_used":564,"timings":{"blocked":269,"dns":1,"connect":8,"send":0,"wait":8,"receive":0,"ssl":270},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust 
Services"},"validity":{"start":"Fri, 05 Dec 2025 21:44:28 GMT","end":"Thu, 05 Mar 2026 22:42:58 GMT"},"fingerprint":{"sha1":"32:E8:D3:D8:57:3D:77:06:14:B5:AE:66:6B:E6:23:35:25:11:2C:25","sha256":"65:65:A6:2D:1D:7A:E9:EF:3F:02:AB:E8:2B:83:22:39:7B:1B:99:BB:3D:AE:E4:D2:5F:AB:C5:32:3B:21:23:C3"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YUbBYc1lQA3cvZ3RrNrYic3xXg51irFcGXlHIw2GJDX4QBukSCaoYo12FJpB4t0EyAU43QkK7SFbq%2BYPOSHlXCP5zW2C5tr7otRna120AH1%2B7MBG\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b12dbd79e71b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-04T17:41:38.103879Z","times_seen":1694,"resource_available":false,"data":null}},"time_used":569,"timings":{"blocked":26,"dns":15,"connect":1,"send":0,"wait":478,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/impr.gif?sid=H4sIAAAAAAAC_1SSz2skxRvGq7M5fPl68FfwJgyCsKJMuqd7MjPuIRpjQjAmMRvJwYvVVdWT2qnpaqu6pyfjJRiUBS_jzYOHzjPJBtcl6B8grhNvAcHxlMMGxX9AUPbkQWYysPhCve9bfOrwPO9bnx1lV8RHRi-33tU9qRSdr5bd0s1dGXOd29LGTslzy-6t0q6MF4Jbpe44mc7rnh-U3VdKq4K19HzF9VzXc73SijQi0t35CYVMHjS8csMtB5WyVw3QNf-928yBpQ5454o8B8lHT_8RfQDJhojb3y4L20p18trb7UzRVBt0-On7cSvWeYz2kzYyDqL4dPoa2o4I-XIGOj6dOoDuHI8dIJQjMvPCI4Tx6VQmws7JtdJQQcQI-VPIO0MINYSkQzB9CMl_IQDj2NhE3L63oU1O968pHdMRmX38F2Q-IrOP5hC3z5aU7JZua5WlUscW3aiA7A4hm0Mk2TnSngOZn4Oln0Dyn8n843XE7eNNqzQkLybuZTQEtQ6y8ZEOsshBljho88tS4NYD5lF_IWpwVnMDGgRchG6jXnFd2mA1ZGwsq4806YOpPpg5QGIO0JJ9mOwh7F4Byx3YdESc9w7Q4QVyQZBbg
pwS5JIgTwnyTnHCla3Y4h5XNgu9aa1Mq18MdNo8oic6bYqYgJo-DC-OZfKRPQRLbwx6keUDPU40TIsBDXlxlFyRZ8dTcz79PEFLXJaiqCGqYViv1SJWd2uBx32_WucNGohKpV5ZgJUFpJ2ZDKQnR2Rlq4dEjsjLl_9DSM9h1TmYfAY0exE0L0D3CvTi-3dES1tdZroNrgsk6SzSfedIXZHnB9s7Sw8nq_tw-SUIdvEGOZvr_b56BmYKJKbAHfkTQVPdHWzrnBxv69yS7zaTVLZlj47XejulqZi9_47Yz7Xha8u2__WbbAzG7YMdYdN1GnMZNy35ZklyLsyKNkyQ79fsrgi3Mru3lJk4S9a33lpZaydGWCt1PASVI_L_r14FkyMyd3Nx8mWrf_8GlhzAJheL_4xVzn0MqwnCxIGSBEpckGmAhgWseOInFBc__HnNjuxdNI0Dmh4ibhfomAIdVYCqPmx2Y5Am5mLxV38SCJUzCJVxjkNl1BfXc7LyshT5osJct15b8Px6JDw_4Cyq1oMGX6Cu7wukdiRXyz_-GwAA__8nKAe9VQQAAA==","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET 
/impr.gif?sid=H4sIAAAAAAAC_1SSz2skxRvGq7M5fPl68FfwJgyCsKJMuqd7MjPuIRpjQjAmMRvJwYvVVdWT2qnpaqu6pyfjJRiUBS_jzYOHzjPJBtcl6B8grhNvAcHxlMMGxX9AUPbkQWYysPhCve9bfOrwPO9bnx1lV8RHRi-33tU9qRSdr5bd0s1dGXOd29LGTslzy-6t0q6MF4Jbpe44mc7rnh-U3VdKq4K19HzF9VzXc73SijQi0t35CYVMHjS8csMtB5WyVw3QNf-928yBpQ5454o8B8lHT_8RfQDJhojb3y4L20p18trb7UzRVBt0-On7cSvWeYz2kzYyDqL4dPoa2o4I-XIGOj6dOoDuHI8dIJQjMvPCI4Tx6VQmws7JtdJQQcQI-VPIO0MINYSkQzB9CMl_IQDj2NhE3L63oU1O968pHdMRmX38F2Q-IrOP5hC3z5aU7JZua5WlUscW3aiA7A4hm0Mk2TnSngOZn4Oln0Dyn8n843XE7eNNqzQkLybuZTQEtQ6y8ZEOsshBljho88tS4NYD5lF_IWpwVnMDGgRchG6jXnFd2mA1ZGwsq4806YOpPpg5QGIO0JJ9mOwh7F4Byx3YdESc9w7Q4QVyQZBbgpwS5JIgTwnyTnHCla3Y4h5XNgu9aa1Mq18MdNo8oic6bYqYgJo-DC-OZfKRPQRLbwx6keUDPU40TIsBDXlxlFyRZ8dTcz79PEFLXJaiqCGqYViv1SJWd2uBx32_WucNGohKpV5ZgJUFpJ2ZDKQnR2Rlq4dEjsjLl_9DSM9h1TmYfAY0exE0L0D3CvTi-3dES1tdZroNrgsk6SzSfedIXZHnB9s7Sw8nq_tw-SUIdvEGOZvr_b56BmYKJKbAHfkTQVPdHWzrnBxv69yS7zaTVLZlj47XejulqZi9_47Yz7Xha8u2__WbbAzG7YMdYdN1GnMZNy35ZklyLsyKNkyQ79fsrgi3Mru3lJk4S9a33lpZaydGWCt1PASVI_L_r14FkyMyd3Nx8mWrf_8GlhzAJheL_4xVzn0MqwnCxIGSBEpckGmAhgWseOInFBc__HnNjuxdNI0Dmh4ibhfomAIdVYCqPmx2Y5Am5mLxV38SCJUzCJVxjkNl1BfXc7LyshT5osJct15b8Px6JDw_4Cyq1oMGX6Cu7wukdiRXyz_-GwAA__8nKAe9VQQAAA== HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:26 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: 
keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+ecc6db2e1279ee427af2bdbc9fbfb251=6308898; expires=Sun, 21 Dec 2025 23:18:26 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Sun, 21 Dec 2025 23:18:26 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 4\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bda592ab63db153fbd8076371760fde3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.66.182.197","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://jekoso.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: 
uid_id2=9a0699f6-7b99-4c7e-ac8a-333c167a6e9f:3:1; expires=Tue, 18 Dec 2035 23:18:23 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"03e234174b9cc30111cc3450f614ac8a","sha1":"e836cc35c0141b437ef5196085b309248ac5e37e","sha256":"a82f4e45ea6e44d7fb409ed1d9afbfe7bb013a7ff18e292dcc97cdffd52e562c","sha512":"974a90324771e7d9014ea72f9c2a9744d48877fdd795c5d327abbefc3f1aea3ba970aaaa069048066eea0587681ede9841d2181f579f0c08ef726d9216089831","ssdeep":"","tlshash":"259004435101310453c03174444c5c5130370f34303014c1c150c504717103c3174d11","first_seen":"2025-12-20T23:19:01.025424Z","last_seen":"2025-12-20T23:19:01.025424Z","times_seen":1,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":197,"dns":28,"connect":21,"send":0,"wait":23,"receive":0,"ssl":139},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/11/20251015_140139.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/20251015_140139.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:24 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 202352\r\nLast-Modified: Sat, 29 Nov 2025 05:21:41 GMT\r\nConnection: keep-alive\r\nETag: \"692a82e5-31670\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":202352,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=2048, orientation=upper-left, width=1536], baseline, precision 8, 906x958, components 
3","md5":"d5b5bc246d0549e05891ddf52417df6a","sha1":"b593cc7bc855af492ba63ea858e56cd4a9b01e67","sha256":"25b7c8f7fbb0e44b8b681d92ecd8e4ce9afefced9c127eb951a072e32fc0153c","sha512":"ca34548ea8e271d4472e9452adf654229dba016fa5c23590baf4b959f0499b5f1d715191956f08b29c3f019841cecaa8aee5d20028db2ecb19844775d203cec7","ssdeep":"6144:6dkaEGHR+CA4hXBgM3yJOuulxrUpJxj3Fd:6dBLO+gM3yJ9KxUf","tlshash":"8514122f2b787bd157af18872219c36669df60d011b240912d0183baf9720bd6f8e63e","first_seen":"2025-12-05T20:30:47.778582Z","last_seen":"2026-02-08T06:05:54.480384Z","times_seen":4,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_69407fbe250a0-scaled.webp","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:27.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_69407fbe250a0-scaled.webp HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703; pp_main_96e4a480ec763abaa308e52020e898e1=1; sb_main_ff9e5bb877fc80741d3358d9a4e22826=1; sb_count_ff9e5bb877fc80741d3358d9a4e22826=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338144aa-a1d5-4374-ba0e-ec3cb06266fc%3A3%3A1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=sourshaped.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:27 GMT\r\nContent-Type: image/webp\r\nContent-Length: 227936\r\nLast-Modified: Mon, 15 Dec 2025 21:38:07 GMT\r\nConnection: keep-alive\r\nETag: \"69407fbf-37a60\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":227936,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P 
image, VP8 encoding, 2560x1440, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f96029f474b9a9cc8d52a2522e833fa2","sha1":"de6094e4e95b4eb265faacf160cc6fde6baa6b27","sha256":"c85b0761b53add0fbde56ccd0bbb07c107041a14af8c5f37bc24bbdcf19eb366","sha512":"e9134a98eafbd1e1730c8fbcf3c109379693c5cb7acad24a0d39b6c072ff7826549cbdcb45ba8129afa93475f247119c3e18b840a16581fc4e5b41a923215aff","ssdeep":"6144:fJWoNzBZoAjIJ+hondP7b0Fo+ienwncaVSFV:jFB+40FdP7gFNN3","tlshash":"0f2423fbe70f57dc6d18d0ea3acd9e04d5cf57ced880631018b1f82ae58145f29622aa","first_seen":"2025-12-20T23:19:01.028152Z","last_seen":"2025-12-20T23:19:01.028152Z","times_seen":1,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":203,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/gamer-struggles-android-windows/","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-20T23:18:22.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /gamer-struggles-android-windows/ HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 66583\r\nConnection: keep-alive\r\nVary: Accept-Encoding,Cookie\r\nCache-Control: max-age=3, must-revalidate\r\nContent-Encoding: gzip\r\nLast-Modified: Sat, 20 Dec 2025 23:02:00 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"MonsterInsights:9.11.0","description":"MonsterInsights is the most popular Google Analytics plugin for WordPress.","website":"https://www.monsterinsights.com","common_platform_enumeration":"","icon":"MonsterInsights.png","categories":["WordPress plugins","Analytics"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and 
Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"All in One SEO:4.8.3.2","description":"All in One SEO optimizes a WordPress website and its content for search engines.","website":"https://aioseo.com","common_platform_enumeration":"cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*","icon":"AIOSEO.svg","categories":["SEO","WordPress plugins"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WordPress Super Cache","description":"WordPress Super Cache is a static caching plugin for WordPress.","website":"https://z9.io/wp-super-cache/","common_platform_enumeration":"","icon":"wp_super_cache.png","categories":["Caching","WordPress plugins"]},{"name":"All in One SEO Pack:4.8.3.2","description":"All in One SEO plugin optimizes WordPress website and its content for search engines.","website":"https://aioseo.com","common_platform_enumeration":"cpe:2.3:a:aioseo:all_in_one_seo:*:*:*:*:*:wordpress:*:*","icon":"AIOSEO.svg","categories":["SEO","WordPress plugins"]},{"name":"jQuery Migrate:3.4.1","description":"Query Migrate is a javascript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript 
libraries"]},{"name":"Elementor:3.28.4","description":"Elementor is a website builder platform for professionals on WordPress.","website":"https://elementor.com","common_platform_enumeration":"","icon":"Elementor.svg","categories":["Page builders","WordPress plugins"]},{"name":"WordPress:6.9","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":270783,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (49945)","md5":"8043da8e5f56d70cf6780144d9f822d9","sha1":"395026bcbabf7e03975d5eb404f935cb8b4d83aa","sha256":"35080b2aae4f520613c0dd67f374273e6be24b0f692fd50144010e9ea534f430","sha512":"74d21642829bfda56c28a3b39882bdcf014eaeadf4cf4e7fa21cb0bbd76a527ba8fb8f0fc3692427a5549c397332fc96daf66d9151fc3e34e7b371ae5032c2e4","ssdeep":"6144:g9BrPtrmZDlXfRBMBOw/GHDD44ofF5ppxZTXF3ft17CKgs90w6mG:or9uDlbDD44Mjpp156mG","tlshash":"8f443ba1bba014362a7b03b9f45b724971788533da4d55e6f8adc0984bc9fe310b374e","first_seen":"2025-12-20T23:19:01.029177Z","last_seen":"2025-12-20T23:19:01.029177Z","times_seen":1,"resource_available":false,"data":null}},"time_used":597,"timings":{"blocked":190,"dns":49,"connect":66,"send":0,"wait":132,"receive":84,"ssl":72},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/css/style.css?ver=2.9.69","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/ymc-smart-filter/includes/assets/css/style.css?ver=2.9.69 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: 
text/css\r\nLast-Modified: Tue, 04 Nov 2025 20:13:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5e7c-454e3\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":283875,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (51389)","md5":"02115541fb5bd9ff4a027ccdd38019e3","sha1":"f39d7a875bb05291712348f81dbcecfba2e4f51a","sha256":"d7f6d1f07eb553c115d8a03b029830c35cd92f41907c433daa0433e3026ffaf0","sha512":"4efb5e1c515d8e599bb4859c93162a94f4407700fe9d096595308af929adc09b3600961860957c200ea2df11eb0cf3143fec3bb8312596aba31d51eee1fc7856","ssdeep":"3072:/oNOBJrrA5BF6I3G/Rx0y6R0y6WvJxLaURP:QNOBRrA7YI2/z0y6R0y6WvJx7P","tlshash":"2154db47a9c611a4b3a79a0ff18435fdae6cfd63c0e86ce6f60e8649e7cb7455014a0c","first_seen":"2025-04-25T02:53:36.871855Z","last_seen":"2026-04-04T17:51:25.455129Z","times_seen":114,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":123,"dns":1,"connect":70,"send":0,"wait":130,"receive":67,"ssl":77},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/69437559783a5_image1.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/69437559783a5_image1.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 63208\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-f6e8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63208,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 820x461, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3778ea4afe39e23ab378f14d313b9d99","sha1":"6526dbd6cb827de98955b49ffe6c5163a32fd6a7","sha256":"3301029c9bc5058be63dc204b74900e0d3673d98f216a10850c239fc2362de2b","sha512":"3dc3eea1b6c97ad4fad284746123c8c75be47e0cec73afe6e6d675231788265d482231eb34ad06919a257e760f705b5259a67974196758d26ac61d519e9d0598","ssdeep":"1536:YrUbQPU8taeE4D+ilmwqgoC6Ucm7xNUNBPBH:xQPNa94D+ilmxg1Qm7U","tlshash":"f95302f6898e992b4ebc76579975c01717908d347c670d5abd7cfaf021302f01da07a8","first_seen":"2025-12-20T23:19:01.030653Z","last_seen":"2025-12-20T23:19:01.030653Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1279,"timings":{"blocked":1221,"dns":0,"connect":0,"send":0,"wait":56,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/694375597d198_15.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/694375597d198_15.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 132372\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-20514\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":132372,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"f88f90b2ea86f0b21f2fde91790e8b13","sha1":"a314417cab7aede5df727b8f720e7680d720821d","sha256":"8c62fe11731ba931f3a0be38539ecd942df23038e8ed84f4caf34e6f1fbfca6f","sha512":"eb876d96ab6ff708b2557aad7b1a2ea2d8bb3be697b3292ddfe0c9fd75572ed2c94fda74e9c5c7ca5367a422db62cdaaa10445d54ca0c5f21984457002463fbd","ssdeep":"3072:W8dMsEQ2mNTwEojj1vzXBYWf77auoZOKCfarfld5A64WM9:tFEQ2A6jPYWfPauo6arf17i9","tlshash":"5dd31263533edd20c72660352d5881ea4ae37816ad7dfa00dad17828bdb7afdf5008d8","first_seen":"2025-12-20T23:19:01.031603Z","last_seen":"2025-12-20T23:19:01.031603Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1209,"timings":{"blocked":687,"dns":0,"connect":0,"send":0,"wait":518,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/69437559878e7_5.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/69437559878e7_5.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 508500\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-7c254\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":508500,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"a143096226722c975b1bef977c944dbb","sha1":"99df6833a4e075509328395eeca0164a60d85105","sha256":"b9ab3ac72bff9c8ce4b28c57a6354b893728d383a7a4405f54fa12fad9c1bae4","sha512":"61e510138587e9df6c8f1dc2d881f51f6635007a15cff50a23749bf1a29178719e4d6cc2b2c4dee11a3abe15aca1835b660df6db763dd101c32f7de6ff9e80c5","ssdeep":"12288:Oblug85Jtrt0nBPl5Pm3GFBimiMw0IZ+LP7gd:ml5cX6BPO3qim5RD8","tlshash":"39b4237a47e147aa3f50b830ab8291b4916dce134ec532d81574af706bf2796205f3de","first_seen":"2025-12-20T23:19:01.032461Z","last_seen":"2025-12-20T23:19:01.032461Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1251,"timings":{"blocked":286,"dns":1,"connect":58,"send":0,"wait":115,"receive":714,"ssl":73},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/694375598c9fc_3.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/694375598c9fc_3.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 411436\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-6472c\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":411436,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"7ba2d669edea8faf15454757dc122bcf","sha1":"67364b34c81dec47f84de806de57f50b56f74f07","sha256":"e649dda72a5a9a43c64f32831b339fdd9ffa7d1613139d531592e82a1c5b09e2","sha512":"7c1ccfa7e6f89082c663e60185eeb95e5074135e5714f43554d0063b6910536701aa072debfd3265faa2a3593c30cef6a1a59814a1c2bc064d678df7ce1fc67a","ssdeep":"12288:VF08+IG83bkJ/7UCYT/0LgNOGPSov1pwDf9RWoNz:VC8JbkJQTxl4fGoNz","tlshash":"1f9423e7eb9077c9e3f8e07ef15e26809d3025abd8f2a474dd371148bb581845ee8648","first_seen":"2025-12-20T23:19:01.033294Z","last_seen":"2025-12-20T23:19:01.033294Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1217,"timings":{"blocked":286,"dns":1,"connect":58,"send":0,"wait":121,"receive":672,"ssl":73},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, 
max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 161871\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ffhXVux8v3NkkijnCoCwIxiM1zXWuMrMDpI%2BlMT8CipRwUl8HJ39Jw7zWE%2Bczcne7TiUI4Wqb9r39UFHu1DLPJe8PHqAf6K6Cx8vdbCIvbU%3D\"}]}\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9b12dbdb69d20daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-04T23:05:44.782676Z","times_seen":8755,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuu3s3hx8-D_4IHQRgEYUWZdE_3ZGZcJBrXxGBMYjaSw16srqqe1E5PV1vVPT0ZL8GgLHgZbx4EO88kG1yXoB9AXCd7Cwi2B8lhw4pfQFD25EF6Elh8od73LZ46PH_qs730jLhI6enae2ogw5DO1Kt25cqmjLjKTGVlo-LYVftqZVNGs97VSr9suvea43pV--XKomAdNVOzHdt2bKeyILUIVH9mgkLGd1tOtWVXvVrVqXvo6__eTWrBUAu8d0aegeTFk38ENyDZGFH3u2vCdBIVv_p2Nw1pojR6_PCDqBOpLEL38RpoC0F0ePEayhSEfHkJKjq8UADV2y8VwJcFufTcA_jR4QVN-L2Dc6Z-CBHB508g640hwjEkHYOpXUj-CwEYx8oqou7tFaUzun2O0hItyNSjvyCzgkw9mEbUPZoPZb9yXYVpIlVk0A9yyP4Ysj1GnB4jGViQ2TFY8gkk_5nMPFpG1N1fNaGC5PlEvQzGoMZCWh5pIQ0spLGFLj-teHbTYw51Z4MWZw3bo57HhW-3mjXbpi3WQMpKWkMk8RAsHILpHcR6Bx05hE7vwWzlMNyCSQpivb-DHs-RCYLMEGSUIJMEWUKQ9fIDHpqayW_z0KS-czFrF9PNRypp79EDlbRFRED1EJrn-zL-yOyCJZdHg8DwkSob9ZN8RH2e78Vn5OnSNevTz2N0xGklCFqi7vvNRiNgTbvhOdx1603eop6o1Zq1WRiZQ5pLE0MGsiALawPEsiAvnf4PPj2GCY_B5FOg6QugWQ66lWMQ3bkpOsqoKlNdcJUjTqaQbFt74Rl5drS-MX9vEt2H116EYCdvkKPpwe-LR2A6R6xz3JT3CdrhrdG6ysj-usoM-X41TmRXDmgZ6_WEJmLqzrtiO1OaL10zw2_eZCVQrnc3hEmWacRl1Dbk23nJudALSjNBflgym8JfS83WfKqjNF5ee2thqRtrYYxU0RhUFuT_X70CJgsyfWVu8mXrfz8Ei3dg4pO5f0qW0x_DKAI_thDKgrxz4yFCcTL32_Nf3389HoH6OYx4rMkXJz_-SSa1Z26hrS3QZBdRN0dP5-iFOWg4hEkvj5JYn8z96k4KfmiN_FBb-36owy_OvTLytBK4osZsu9mYddxmIBzX4yyoN70Wn6W26wokppCL1Z_-DQAA__8SGEjLWQQAAA==","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuu3s3hx8-D_4IHQRgEYUWZdE_3ZGZcJBrXxGBMYjaSw16srqqe1E5PV1vVPT0ZL8GgLHgZbx4EO88kG1yXoB9AXCd7Cwi2B8lhw4pfQFD25EF6Elh8od73LZ46PH_qs730jLhI6enae2ogw5DO1Kt25cqmjLjKTGVlo-LYVftqZVNGs97VSr9suvea43pV--XKomAdNVOzHdt2bKeyILUIVH9mgkLGd1tOtWVXvVrVqXvo6__eTWrBUAu8d0aegeTFk38ENyDZGFH3u2vCdBIVv_p2Nw1pojR6_PCDqBOpLEL38RpoC0F0ePEayhSEfHkJKjq8UADV2y8VwJcFufTcA_jR4QVN-L2Dc6Z-CBHB508g640hwjEkHYOpXUj-CwEYx8oqou7tFaUzun2O0hItyNSjvyCzgkw9mEbUPZoPZb9yXYVpIlVk0A9yyP4Ysj1GnB4jGViQ2TFY8gkk_5nMPFpG1N1fNaGC5PlEvQzGoMZCWh5pIQ0spLGFLj-teHbTYw51Z4MWZw3bo57HhW-3mjXbpi3WQMpKWkMk8RAsHILpHcR6Bx05hE7vwWzlMNyCSQpivb-DHs-RCYLMEGSUIJMEWUKQ9fIDHpqayW_z0KS-czFrF9PNRypp79EDlbRFRED1EJrn-zL-yOyCJZdHg8DwkSob9ZN8RH2e78Vn5OnSNevTz2N0xGklCFqi7vvNRiNgTbvhOdx1603eop6o1Zq1WRiZQ5pLE0MGsiALawPEsiAvnf4PPj2GCY_B5FOg6QugWQ66lWMQ3bkpOsqoKlNdcJUjTqaQbFt74Rl5drS-MX9vEt2H116EYCdvkKPpwe-LR2A6R6xz3JT3CdrhrdG6ysj-usoM-X41TmRXDmgZ6_WEJmLqzrtiO1OaL10zw2_eZCVQrnc3hEmWacRl1Dbk23nJudALSjNBflgym8JfS83WfKqjNF5ee2thqRtrYYxU0RhUFuT_X70CJgsyfWVu8mXrfz8Ei3dg4pO5f0qW0x_DKAI_thDKgrxz4yFCcTL32_Nf3389HoH6OYx4rMkXJz_-SSa1Z26hrS3QZBdRN0dP5-iFOWg4hEkvj5JYn8z96k4KfmiN_FBb-36owy_OvTLytBK4osZsu9mYddx
mIBzX4yyoN70Wn6W26wokppCL1Z_-DQAA__8SGEjLWQQAAA== HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:26 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+ecc6db2e1279ee427af2bdbc9fbfb251=6308898; expires=Sun, 21 Dec 2025 23:18:26 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Sun, 21 Dec 2025 23:18:26 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8f03a5a3fa794610c81aee8d72478288\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be 
accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/css/dist/block-library/style.min.css?ver=6.9","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/css/dist/block-library/style.min.css?ver=6.9 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: 
text/css\r\nLast-Modified: Wed, 03 Dec 2025 07:51:23 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"692febfb-1d38f\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119695,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55871)","md5":"693359d40ab420bb23aa1b4be239f162","sha1":"67719855e95b9befb5e16556455ea78f3b9d7d92","sha256":"b4cd2f5507698b3ebd388e2d1ed31bef9c5704a171ccd53720c27c66df2510c7","sha512":"3ea55e5e2d2cfa21f66701e322928f3199042b8d3eef8f611cae1ee5d931903fb69d39b5cbb72f493e84f477b56f44fb24badc73f2c298785a9f29eb72b6d8a5","ssdeep":"3072:SoeJBCCUQg5MG7x+qehvX02dclkWwbFpPu:mfUQg5MG7x+qehvX02dclkWiF0","tlshash":"7ec3621417b4dcf935ffa73a5e4ee258a107aa41c68a67e6e066d190718ca490cf3f0f","first_seen":"2025-12-02T22:14:51.412485Z","last_seen":"2026-04-04T21:18:30.486309Z","times_seen":20750,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":99,"dns":0,"connect":55,"send":0,"wait":110,"receive":6,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/6943755982557_10.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/6943755982557_10.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 578686\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-8d47e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":578686,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"949bcbdbe036a31ee86003ea0fc2b693","sha1":"dc4fa95e14f1a822e16f5b8d2db9eeceb383d06c","sha256":"509ee83d1f4bc8e48c6e530cc2ed4a2cbbc1b67b969890bd711b82506e7fd043","sha512":"2f8a8e5e610004f80660bf15ff6fc7a4501db7fc885bae6ddc173d7a75b284c72d6a9471bed5a8d820be9a3dc8d2edcfa5a40652af04f1344076d7bb5797a623","ssdeep":"12288:BcAx5fDiKJLOFsqDbVN+BzH2x1cW3rH9dHlkHb9kcuvSdjuV:BcAx5PBWsqvVq2xqW3rH9VlSb9u+g","tlshash":"e9c4335bb586b0d34957fa3894540cfad5565a06473d0733fae32af2ea37f00810a9f9","first_seen":"2025-12-20T23:19:01.035171Z","last_seen":"2025-12-20T23:19:01.035171Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1510,"timings":{"blocked":578,"dns":0,"connect":0,"send":0,"wait":611,"receive":321,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_69408c9f12500.gif","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_69408c9f12500.gif HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2590919\r\nLast-Modified: Mon, 15 Dec 2025 22:33:03 GMT\r\nConnection: keep-alive\r\nETag: \"69408c9f-2788c7\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2590919,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 640 x 854","md5":"fb4bc6553ece8a381f8b4eaae28b680b","sha1":"d61ff09996fe86f664228f7c8b86f09b304a03b3","sha256":"ef67dedf76b99c41de4e960fecb282da9c09569bda1b36896ca27a27d90b7d5c","sha512":"198882c41fac188323bafc78a43a0d03ba2b91ac584476281925ebcbf73780744cb5f4aac5cfbf3ee9f42b40c4a6c3bfada62bc8dd3477cc52db081051df09a2","ssdeep":"24576:K2kD2RBzaY6L++hHgr4wQMZWO2aIi+Ww4XSEiL3:OD2RBeY6FRuZzJj+WPiL3","tlshash":"3b2533614667887a14dfe15a8d271db065070c6ef8d22adb4c48d1f2e2abdfdf24be40","first_seen":"2025-12-20T23:19:01.036018Z","last_seen":"2025-12-20T23:19:01.036018Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":682,"receive":697,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-12-20","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"jekoso.com/wp-content/uploads/2025/12/portada_69408c9f12500.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C%2FfqUIdoO1uyCZIRIrxKaqQKnnxkS04LYUDv90XW7HxbpfTiEEcGeOjJNRm4yf3omaVrjHP8%2BYrx0CjmqNBnsvKHgPxkYFbGqItoPDyM\"}]}\r\ncf-ray: 9b12dbd8ee2056b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-04T23:05:44.601335Z","times_seen":5458,"resource_available":false,"data":null}},"time_used":600,"timings":{"blocked":62,"dns":21,"connect":1,"send":0,"wait":474,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 
GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 316208\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DvCF8Os9KnBHf3ss0NqtUybqdDXBkZjgI76FRAqd3c19OWcsFfrGngCr%2FStXK%2FMt7p3JvaxRFNseM9lUkb4I%2Fe1iCjZ0WpovpuOPW7dN0eo%3D\"}]}\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9b12dbdb69d70daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line 
terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-04T23:48:21.884322Z","times_seen":10405,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 
40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 16 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 359750\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T01:47:14.77811Z","times_seen":715655,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 
40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 16 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 359750\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T01:47:14.77811Z","times_seen":715655,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/barlowsemicondensed/v16/wlpvgxjLBV1hqnzfr-F8sEYMB0Yybp0mudRXeIqq.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/barlowsemicondensed/v16/wlpvgxjLBV1hqnzfr-F8sEYMB0Yybp0mudRXeIqq.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 
22300\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Dec 2025 12:45:51 GMT\r\nexpires: Fri, 18 Dec 2026 12:45:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 210752\r\nlast-modified: Tue, 16 Sep 2025 13:43:28 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22300,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22300, version 1.0","md5":"21681f1fee25db421b7e14de0e11d2de","sha1":"aabf87fd0b364e369d969b6ff3f2cef9f4d334e3","sha256":"d03a7a5f6b74534c80699289d4f6495fdb09a7596774a4ede79129d2f8bb67b1","sha512":"e6178b933e0ddc327341b0a2956da883f5e49077c4c32883bb2eff8b1f0585768f02b404e1ab51caf3b11204db680d8a9af4284ed87105bca4ad892ec5d3fce2","ssdeep":"384:StSVD/df1NxFYpf6O7Zu8CIYKGfWarNLLI8mCK5PgmcFFfO0mDB0rvKpM7:SIF1fPxFYd7Zu8dwWarHm7PgKD6CC","tlshash":"78a2e137a6bec4e7f02734bf4790e2d52d242a5d1cba19eab0e312ca7035913881f995","first_seen":"2025-09-21T06:28:51.544108Z","last_seen":"2026-04-05T01:28:09.846394Z","times_seen":587,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":141,"dns":1,"connect":7,"send":0,"wait":8,"receive":3,"ssl":146},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_694300668a98e.avif","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_694300668a98e.avif HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Length: 2482291\r\nConnection: keep-alive\r\nLast-Modified: Wed, 17 Dec 2025 19:11:34 GMT\r\nETag: \"25e073-6462a9ce0668e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2482291,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"307b889094b5856a3afe3af532da9557","sha1":"d1b3e8a94a3c95201fd98f1098ebda6038f4e2a8","sha256":"ecd53fcf3071ebe365fa9adfd4b7f3ef1b1f2f7debd1d8941292f377a1c406ba","sha512":"7792a5040823e49cab79ccadbaed2c4537c753c0993ed522306f53744892a4b1477802007d58a15615cd3093ae0325106eaee2de0ff98a4251751ccfd07ab90a","ssdeep":"24576:5++DsiORWFfEVXwHWeLJwkuwM18qCA6j/IB2492yS249v:4iOoFMVXwT9wkuwM18v3/4Gv","tlshash":"d92533987608d64ecdb77eb8067476146bc9463e3180f9d1b3540e2f412e1adb7ca3ba","first_seen":"2025-12-20T23:19:01.038162Z","last_seen":"2025-12-20T23:19:01.038162Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":671,"receive":565,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=338144aa-a1d5-4374-ba0e-ec3cb06266fc\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=ff9e5bb877fc80741d3358d9a4e22826\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=338144aa-a1d5-4374-ba0e-ec3cb06266fc\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=ff9e5bb877fc80741d3358d9a4e22826\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND 
CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 0\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e86443ffc3a9012738f36749ca3411e8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":690,"timings":{"blocked":298,"dns":3,"connect":93,"send":0,"wait":95,"receive":1,"ssl":195},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 
GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EBlOt0WdKWW86wJqGWj9vdeUpaF8hWCwiw9bOHzzxPdoqlpVPt%2FEUXxsE0a51w5mQgwfFPO9MVcgGjIyd7vauuLdroVoS%2BEuMt8%2FuVHC\"}]}\r\nage: 161871\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9b12dbd94e7c56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-04T23:05:44.782676Z","times_seen":8755,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.649Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:26:59 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5383-3509\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-04-05T01:46:08.130968Z","times_seen":639781,"resource_available":true,"data":null}},"time_used":235,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/69437559250f1_12.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/69437559250f1_12.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: image/png\r\nContent-Length: 57717\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-e175\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57717,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"c7ed65cf7accff17342ee32e3bd92728","sha1":"cf0ef15d631f017c9f504a649ed83833a6d7fe4c","sha256":"ecd363eadad65f0781c68a551770a8c76d86def962574e75797c3b23fcedb100","sha512":"50721280da9f2ffc86b9df9ac6abb5746f3a3249804987b1f1775d98dd2d91527b4bf451d4fdfeb6059eaa11cb59657d6b7533480d361c4aeb35794a049a072b","ssdeep":"1536:sAwkXPwiWQy0eV8k+bXOLnwb4EuHYnD5mfmBCSzo5hBxmXwaQ8X:spkIiy0yNUAnwbjJF9CSqBxmX88X","tlshash":"864302382345ec4ae8e2513ca99a67c0dcda7de616d45b51cc5cf2782824e074b2fadc","first_seen":"2025-12-20T23:19:01.039531Z","last_seen":"2025-12-20T23:19:01.039531Z","times_seen":1,"resource_available":false,"data":null}},"time_used":808,"timings":{"blocked":301,"dns":70,"connect":55,"send":0,"wait":111,"receive":58,"ssl":64},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sighhigherapprove.com/96/e4/a4/96e4a480ec763abaa308e52020e898e1.js","fqdn":"sighhigherapprove.com","domain":"sighhigherapprove.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sighhigherapprove.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:31:31 GMT","end":"Wed, 04 Feb 2026 21:31:30 GMT"},"fingerprint":{"sha1":"69:53:6D:9D:79:68:86:77:2D:27:FB:9E:D2:07:F7:1D:66:96:A9:9A","sha256":"12:EB:22:E2:31:96:89:64:7C:5F:FD:2C:B5:EB:B3:EC:EE:98:AE:C8:03:FD:54:0E:70:D3:B0:3F:D7:2C:9C:0B"}}},"request":{"raw":"GET /96/e4/a4/96e4a480ec763abaa308e52020e898e1.js HTTP/1.1\r\nHost: sighhigherapprove.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38171\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 
3\r\nHost: sighhigherapprove.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8c84f1bee2798c2d37fccbe1b36ff92b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":106587,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"43c7935c1153f8e9a41fe6c097c4b46f","sha1":"49eb6a7aea9fd893335a72127af27ee14cbc7aa1","sha256":"c1840fb34edbb6332dadb3f1daa0ad65f2dfb541278effeba7fd212be7ffeefc","sha512":"3d2fd7332876a053cd0ba6054a973ac042bcacdd4ebc34bd1837699afedd4bd63a0920749bf2d9d6f433fe6fad82f2bcc86d85bae5403e3f7e02a31be7404524","ssdeep":"1536:EpOvTY8Afd1ow5ZEUjHzQSF63R2LbqKYmEqMTd01yLVH2WQgPrNQCld5h4s9imfS:qXLD33COgu+bAKaSw","tlshash":"87a3cad97f40f06d4271607a113fa00af25b0e46688cd59ce117f6a42fa866fe57ef28","first_seen":"2025-12-20T23:19:01.040315Z","last_seen":"2025-12-20T23:19:01.040315Z","times_seen":1,"resource_available":true,"data":null}},"time_used":513,"timings":{"blocked":-1,"dns":42,"connect":91,"send":0,"wait":99,"receive":92,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 21:44:28 GMT","end":"Thu, 05 Mar 2026 22:42:58 GMT"},"fingerprint":{"sha1":"32:E8:D3:D8:57:3D:77:06:14:B5:AE:66:6B:E6:23:35:25:11:2C:25","sha256":"65:65:A6:2D:1D:7A:E9:EF:3F:02:AB:E8:2B:83:22:39:7B:1B:99:BB:3D:AE:E4:D2:5F:AB:C5:32:3B:21:23:C3"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 
2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h1tSsTpSOYTqv72SIsDnvyQWLf58gT9MdALLQz1ws7xhKPsGqUePuVqNtgUW7J3niXg0c0qrM6u4j27f5phKxUEAJd3WMm0%2BMo7sjQY7siaw0s2W\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b12dbd77e63b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII 
text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-04T17:41:38.103879Z","times_seen":1694,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":42,"dns":21,"connect":1,"send":0,"wait":128,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:26 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dvS%2FWiM6qdTD8Lq3tR%2Fjct8v6BQFMUa1PCxgb2mZsTFwWObvPoeFCO4DsV0SFOCwDl5g0jdANz8h9G7tyXFrmEOqK8n4eSj5Pe%2BWf9Mz\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9b12dbda2f4156b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 
text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-04T17:41:38.132889Z","times_seen":1583,"resource_available":false,"data":null}},"time_used":473,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":472,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=225","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=225 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_693fa3238bd4a.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:35.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_693fa3238bd4a.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; 
_ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703; pp_main_96e4a480ec763abaa308e52020e898e1=1; sb_main_ff9e5bb877fc80741d3358d9a4e22826=1; sb_count_ff9e5bb877fc80741d3358d9a4e22826=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338144aa-a1d5-4374-ba0e-ec3cb06266fc%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:35 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 131464\r\nLast-Modified: Mon, 15 Dec 2025 05:56:51 GMT\r\nConnection: keep-alive\r\nETag: \"693fa323-20188\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131464,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 1200x675, components 
3","md5":"407ba8dcd0e2bdcbd9394acb964473cd","sha1":"6739d16d08fee085a0b9f0d61bc502ec408a3edf","sha256":"d706dff7a40761dc4a76e4198c4c9552dbad6694d4c5c132a2a8e439aca140c8","sha512":"a5f1a587f6a3e0c4b87ce644d64fe7cac99e53cf0ca7dbb7ae2896c39e5c2a7825edb00feace5dad4dc76cfab1e25f65d1f887405433dd10867e08dea20066e9","ssdeep":"3072:0J6Cmq9iCf6GU41o0Ct6rEvemH+aQ3o6nKuNcAQNrmMWmRGX9:/CwCSGR1o0pgmmH+aSnKuNcAQNrmMWm+","tlshash":"bad301b1f7cbe351271722ac99bc7eb3177905c0abc8448781536d07466af39aa9393c","first_seen":"2025-12-20T23:19:01.041553Z","last_seen":"2025-12-20T23:19:01.041553Z","times_seen":1,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":133,"receive":138,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_693fa89f7e573.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:39.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_693fa89f7e573.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703; pp_main_96e4a480ec763abaa308e52020e898e1=1; sb_main_ff9e5bb877fc80741d3358d9a4e22826=1; sb_count_ff9e5bb877fc80741d3358d9a4e22826=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338144aa-a1d5-4374-ba0e-ec3cb06266fc%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:39 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 69774\r\nLast-Modified: Mon, 15 Dec 2025 06:20:15 GMT\r\nConnection: keep-alive\r\nETag: \"693fa89f-1108e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69774,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, 
comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 800x450, components 3","md5":"04478e0b008425c9adec93ad4cdfaaa8","sha1":"b20425f0d26925c2e47342d83ff641e576187af2","sha256":"cabc5c7d8a5bc0c221213f79388a9d0159e9560cec5ab8506a2af135ac5ae1c8","sha512":"92f6ba079fb1eabde91da9cc81acf82d74d0b0f880de66cfa07681b9928d63e11c8c19b91792487145ec8f18b7fea70fc34299ed061299092431c5fae38e5bba","ssdeep":"1536:jDBv7hQGuc7UfdOdz/ApY1qNwLarPjLlO0QrEztOtz:0K+AJ/AxeLWFHhEtz","tlshash":"296302169f93d5c5760f731778ca9cbe80d38ad0b81d18e756ca8d49b4b2bb22b3441b","first_seen":"2025-12-20T23:19:01.042452Z","last_seen":"2025-12-20T23:19:01.042452Z","times_seen":1,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":133,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/assets_task_01k4djgqesekk8bx0hr44jh8s4_1757097401_img_1-1.png","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 
2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/assets_task_01k4djgqesekk8bx0hr44jh8s4_1757097401_img_1-1.png HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 1030542\r\nLast-Modified: Sat, 13 Dec 2025 18:13:52 GMT\r\nConnection: keep-alive\r\nETag: \"693dace0-fb98e\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1030542,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 855 x 1353, 8-bit/color RGBA, 
non-interlaced","md5":"97c721ca8347b7402ea6c2975dbc404e","sha1":"c76a6a44de6cd563eba6b79347eb14cf36af519a","sha256":"36fe75f6f36c69c600ed6587cc7cccc308b6b07a9eaf297334b08052835df6d5","sha512":"061ae72127bcc3545bcdb1eaa9b61620945a38ba0758a7bc24d70a2dd0eae4e7b8d657c21d0bc8a5e68fd1a147c0c01874670220433a9e7aa1019d12c3b1e1bc","ssdeep":"24576:G+3IjJoTOKZ/VJGXo/EwyLJFJNADGTf31SGlpZPXa/AffAZF7DUZP:CjJYOsNJGXo/EweJFJNGGj1SYBwAfIZy","tlshash":"692533c4ea408492e6ef7830a6dbd1f0276beefd61cc3151951ee0b01f991ae685970f","first_seen":"2025-12-20T23:19:01.04312Z","last_seen":"2026-01-03T19:55:30.048886Z","times_seen":2,"resource_available":false,"data":null}},"time_used":648,"timings":{"blocked":336,"dns":0,"connect":0,"send":0,"wait":67,"receive":245,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1106\u0026rd=1106\u0026fd=600\u0026bv=25.12.2106\u0026tmpl=70","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 
Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1106\u0026rd=1106\u0026fd=600\u0026bv=25.12.2106\u0026tmpl=70 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":709,"timings":{"blocked":317,"dns":11,"connect":93,"send":0,"wait":97,"receive":1,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.66.182.197","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: 
https://jekoso.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=338144aa-a1d5-4374-ba0e-ec3cb06266fc:3:1; expires=Tue, 18 Dec 2035 23:18:23 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"a33d01f1e5bb1ed241e2ae8241d8b6e8","sha1":"4be2e54b26420bad8d040222e2d8e20664725054","sha256":"59eef02595db7758390f4b36bac06cd15e65b1532bb7d987fa51d824a7991694","sha512":"8daaf75764bbdf8f7405b68dc7a439a83992965916247e0c8e93b7c93d41a63a60fa9d49785d3b3579b78e5bf729a32cb3a55cdd630089aef4c04dd5c68d5b5a","ssdeep":"","tlshash":"9590029242356490500100051580053b4a59828606a01059010a95f8340401f299b186","first_seen":"2025-12-20T23:19:01.043856Z","last_seen":"2025-12-20T23:19:01.043856Z","times_seen":1,"resource_available":false,"data":null}},"time_used":400,"timings":{"blocked":185,"dns":11,"connect":22,"send":0,"wait":21,"receive":0,"ssl":156},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.66.182.197","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: uid_id2=338144aa-a1d5-4374-ba0e-ec3cb06266fc:3:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:23 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://jekoso.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"a33d01f1e5bb1ed241e2ae8241d8b6e8","sha1":"4be2e54b26420bad8d040222e2d8e20664725054","sha256":"59eef02595db7758390f4b36bac06cd15e65b1532bb7d987fa51d824a7991694","sha512":"8daaf75764bbdf8f7405b68dc7a439a83992965916247e0c8e93b7c93d41a63a60fa9d49785d3b3579b78e5bf729a32cb3a55cdd630089aef4c04dd5c68d5b5a","ssdeep":"","tlshash":"9590029242356490500100051580053b4a59828606a01059010a95f8340401f299b186","first_seen":"2025-12-20T23:19:01.043856Z","last_seen":"2025-12-20T23:19:01.043856Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/05/cropped-IMG_20250511_032121_784-2-32x32.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/05/cropped-IMG_20250511_032121_784-2-32x32.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703; pp_main_96e4a480ec763abaa308e52020e898e1=1; sb_main_ff9e5bb877fc80741d3358d9a4e22826=1; sb_count_ff9e5bb877fc80741d3358d9a4e22826=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338144aa-a1d5-4374-ba0e-ec3cb06266fc%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:24 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 1185\r\nLast-Modified: Tue, 04 Nov 2025 19:32:04 GMT\r\nConnection: keep-alive\r\nETag: \"690a54b4-4a1\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1185,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 32x32, components 
3","md5":"45c1e6756dfef4ed8256c25fb5e7c1d2","sha1":"c24bbde677de150434035505e3d5a95671e3bcae","sha256":"f82f882e8b5042f4aadb4384fd8bf3088b0d0f7cbf8c2717f4877694f6ffeeb3","sha512":"9f2ca8a6b195cfb127585f7167240c6ecf30753825d771469cd5ec4374e61d8575f54662c00cffcf17f0e16dd607d0ec9129c548cb8650e1567751459adf0318","ssdeep":"","tlshash":"a521b63b1b438351dd6f4eba9a1a2279d18e1e42b85806402b70e197d633cddb9caa0d","first_seen":"2025-06-09T08:00:07.916346Z","last_seen":"2026-01-03T19:55:30.031901Z","times_seen":6,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 
GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 16 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 16 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 359750\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 
1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T01:47:14.77811Z","times_seen":715655,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/css/datepicker.css?ver=2.9.69","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/ymc-smart-filter/includes/assets/css/datepicker.css?ver=2.9.69 HTTP/1.1\r\nHost: 
jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 04 Nov 2025 20:13:46 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5e7a-751e\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29982,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines 
(28462)","md5":"7804a29e16ee7f15e31c248a1d72a871","sha1":"53157e8bc081be897a2b792c347b038b0b0d28a0","sha256":"a549f2d63c9c974df03ee0bfbe4c23e86d24d35266018ba0fb9fb8a7bcf57b7b","sha512":"45adb0aac39aad32b5d8a9ec224f026fb48102a0c120a99f287536a0aff8f7d1686fcc7d5e162f3797e60204d1d277dd0c374576092c4a6062a9b79300a576b9","ssdeep":"384:RrsfVRa9ObEP11eml7JwaIa8DNmcGLgcI6i4uVSc7nfZBhVGi:RI7bEPPl7JHIfNmcGLgcI6i4uTBhp","tlshash":"27d24130a582252dfe33d23061e11ef4523bc246eda21fbda09ab65953e98e4c57b871","first_seen":"2024-12-24T05:22:21.249803Z","last_seen":"2026-04-04T17:51:25.446788Z","times_seen":137,"resource_available":false,"data":null}},"time_used":341,"timings":{"blocked":122,"dns":1,"connect":66,"send":0,"wait":67,"receive":0,"ssl":79},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/05/cropped-cropped-IMG_20250511_032121_784-2-1-66x66.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/05/cropped-cropped-IMG_20250511_032121_784-2-1-66x66.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 2833\r\nLast-Modified: Wed, 10 Dec 2025 16:38:02 GMT\r\nConnection: keep-alive\r\nETag: \"6939a1ea-b11\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2833,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82\", baseline, precision 8, 66x66, components 
3","md5":"70ea0824ab98dcd3f1f50146173c9322","sha1":"54c9a024ba5a3ae43d5f8d37465a09ecdd589eed","sha256":"78d76a9ddd8852ffdc1ea06d4cdd45455c6768c99a85900f825956ae34fe6c18","sha512":"8252c523b20c4578a20d0ef95c740c0b3c680453939b71ed85efb42fc85e04041a1b612349952aa9b279c02843dafd7130711273c3eaef9cb9b0d7d3442f3ff1","ssdeep":"","tlshash":"72510a0dae6a8955da220c7c312699bef6b971b8795076036b32f313c771ad840c866f","first_seen":"2025-08-21T04:46:36.403398Z","last_seen":"2026-01-03T19:55:30.088044Z","times_seen":5,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":312,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/69437559338e0_13.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 
GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/69437559338e0_13.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 153279\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-256bf\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153279,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF 
Image","md5":"9d0cd0ac0d4b9895769d27c96556f706","sha1":"6c049558ecdca76a28126c40ec608c8690ba31cc","sha256":"541b999d4ef485d2e585e78dfa358a3bcadaccad82e19d6ba5da2aa6a7f2b5cf","sha512":"1f3ccaabbe8bb22b71d555ab5e726142b70d243eff9af6706095801b5ce05286eaa0070b0d136e53c220c427ede48ed812939f575e321376b9904c5a94c6a004","ssdeep":"3072:2iV3IS4O98ic8mP9KVUy+q6rNheRW8E5QEvzwNqQyT:DnHzc8mPvQ6r/8izUqQS","tlshash":"55e312566a6e381efb24d335d4de97483c3ab89d9b98995bd211b1243332998ccc4ea0","first_seen":"2025-12-20T23:19:01.046476Z","last_seen":"2025-12-20T23:19:01.046476Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1275,"timings":{"blocked":1214,"dns":0,"connect":0,"send":0,"wait":56,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/IMG_20250511_032121_784.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/IMG_20250511_032121_784.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 89473\r\nLast-Modified: Sat, 13 Dec 2025 18:46:17 GMT\r\nConnection: keep-alive\r\nETag: \"693db479-15d81\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89473,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 640x640, components 
3","md5":"c167e7bfef1853af916b7e6016cbb4fc","sha1":"70d0147f8acf5074a4d894fe48ce755f142ff7ea","sha256":"5a8bb1f5bbc6182b31010b06572647786fded8ee58bc9cec5588351d3bf55d7a","sha512":"cea97d1f3268547ae66df5f0e3cba3a1ee046ef1959d6127590e1bfc779708621caf2a39ccaafa30ea89f7b6690d2eb492e83152c8a0ecc8f84735d62869ee2e","ssdeep":"1536:gDMLVdrugLg4IfKrcPIuKzXIOCNa+cm8xIQ6GVnLAiJhkF:gDMx+42Qu+lCLz8P6SAikF","tlshash":"d89302f0d59a4e0be421a4377b8c5586c3982c9d57ba83db7338cbd9902edec8d62531","first_seen":"2025-12-20T23:19:01.047297Z","last_seen":"2025-12-20T23:19:01.047297Z","times_seen":1,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":350,"dns":0,"connect":0,"send":0,"wait":66,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/jekoso-live-chat/assets/js/chat.js?ver=5.2.0.1766271720","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/jekoso-live-chat/assets/js/chat.js?ver=5.2.0.1766271720 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Sun, 14 Dec 2025 12:20:35 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"693eab93-31cb\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12747,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 
text","md5":"efa60bade70aaa1528d2f18041c0b1e0","sha1":"427f74c1819cafaa112d94a463bb68764ffd3a31","sha256":"218f8a79e03ea94efcc96981ca021a27a371d9e4e44e052d49f9d24fe77fc2d7","sha512":"f4e34a8a9c1757510ab54189ff30695e1eeb57d7ea2dda049be8d42fdd11994125ca8555ecc6287c9dd49c2d08ca84d728ecdebd6c11a555c137e742561958fe","ssdeep":"192:PF6p2MrYW07Icb4apQN1rO5SBltC46HFkP2rHxKQIpRkV5YzT2oQBc4ASBVhT9rc:kk3IcbUZz2tISYTV6lZrkHd","tlshash":"bd42412ef2eb39650073397eaa7fd2022f36542b100ecd507a7c65c41f50a95b66aef1","first_seen":"2025-12-20T23:19:01.048151Z","last_seen":"2025-12-20T23:19:01.048151Z","times_seen":1,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":145,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.3","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/jquery/ui/datepicker.min.js?ver=1.13.3 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:52:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5990-8f8c\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36748,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(36563)","md5":"9ea5bf2de411f7ccb52e57e1415ec3d1","sha1":"23208375068c72b6184c153313eb4f0d1e9bea6a","sha256":"2efe1ab1416a823fc89a7ce3001fa02d6038db18a9b730f16d1a8158e9bddf3f","sha512":"37e8bd051e2f422bf14de69c6ee4643da965d98d99fe7861f094f9b89301e1031a560037508e35906aa87b9c0090efeeed128a43fe9565bde0c0590b30f3f885","ssdeep":"768:6ovEZXteTlaCaedY5+R5SHf7QQipB72z1EuPLkhDWucxooqO:6JZXteTlaCaedY5+R5AipBqz+cxooqO","tlshash":"ccf2c51e30007d2a927b51a6053a3a179233095fad50c11cbd6ea6ee5b7cc4573befb2","first_seen":"2025-04-16T07:35:26.532191Z","last_seen":"2026-04-05T00:42:04.018303Z","times_seen":25280,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":264,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/sbar.json?key=ff9e5bb877fc80741d3358d9a4e22826","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 
GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /sbar.json?key=ff9e5bb877fc80741d3358d9a4e22826 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4078\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://jekoso.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nu_pl25529200=1; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nslecff9e5bb877fc80741d3358d9a4e22826=[6308898]; expires=Sat, 20 Dec 2025 23:18:30 GMT; path=/; secure; 
SameSite=None\r\nx-envoy-upstream-service-time: 218\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 749f8cd9aa8b7587003d028914d8cb6e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5722,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text 
data","md5":"877b90547f2c6531212a6fcddb423900","sha1":"01e57a9aa6fb00b9f1c6df6d19714fce0b167efc","sha256":"b1f014f83edc53bf873866f5e2101bdb8c606ac7c6cd2d6f1baf2dee3a2149b0","sha512":"be228839390e7d4098d05741445e6e4a0c46f10682ae48f1784b518baa48f1cd5f7d439525bb03aeae3b718e8999bd8d2dc3d738b5760f118ba21728dd0606fe","ssdeep":"96:9u322V4vZcAD7YA/rqPNHDhK42ApmXaTjpeib5d6e6wm/IxeOF+wl:9je4WA3YSrqPNHVK4xpmXy0/1OQ+","tlshash":"04c16c6e300466e61ba7db4b1152dcbc1ee62547980aae7c986a7f1f26bc6c1c51c21c","first_seen":"2025-12-20T23:19:01.049571Z","last_seen":"2025-12-20T23:19:01.049571Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1299,"timings":{"blocked":586,"dns":28,"connect":134,"send":0,"wait":312,"receive":0,"ssl":217},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/sbar.json?key=ff9e5bb877fc80741d3358d9a4e22826","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /sbar.json?key=ff9e5bb877fc80741d3358d9a4e22826 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4395\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://jekoso.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nu_pl25529200=1; expires=Sun, 21 Dec 2025 23:18:25 GMT; path=/; secure; SameSite=None\nslecff9e5bb877fc80741d3358d9a4e22826=[6308898]; expires=Sat, 20 Dec 2025 23:18:30 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 217\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 27c553fa531c7b4cf95db3c5ac1f9bfc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for 
cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5658,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"0cd43240c1c450b0b319e9f166a83921","sha1":"50c3e5a6535d463f568f50a93746a074a24eec78","sha256":"19950c25f13838c2557100adc951427d51e3b7333a3d3570c2f952bce4d4a7c1","sha512":"6a671e1eba8405dcf2541d25e0c744c85c5fcce6f938f2443d511bbbfdd57865cd7aca770cc97e7675e8b34504b786b27630be10d99469143dca5415f6fe0d58","ssdeep":"96:9uzDjexg3eZqu/eWBdhru+y3HrZ/6Ddc2L4JwEklmRjADOI1S6j+wS6sl:9sjexg3zczBdJiHrI4JwEk3OIIz","tlshash":"23c17c5e63cf4aab0b4d56448d6f2ded85f3a992c4c48c7b8a7a973e53667894b0c040","first_seen":"2025-12-20T23:19:01.050365Z","last_seen":"2025-12-20T23:19:01.050365Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1332,"timings":{"blocked":595,"dns":32,"connect":155,"send":0,"wait":313,"receive":2,"ssl":217},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/05/cropped-IMG_20250511_032121_784-2-192x192.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/05/cropped-IMG_20250511_032121_784-2-192x192.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703; pp_main_96e4a480ec763abaa308e52020e898e1=1; sb_main_ff9e5bb877fc80741d3358d9a4e22826=1; sb_count_ff9e5bb877fc80741d3358d9a4e22826=2; dom3ic8zudi28v8lr6fgphwffqoz0j6c=338144aa-a1d5-4374-ba0e-ec3cb06266fc%3A3%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: 
same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:24 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 12043\r\nLast-Modified: Tue, 04 Nov 2025 19:32:04 GMT\r\nConnection: keep-alive\r\nETag: \"690a54b4-2f0b\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12043,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 192x192, components 3","md5":"64c0658f09223698bd2270685869b7b9","sha1":"0c63f0de641683f6e01e8d168747115a2f58f053","sha256":"8432c97554ee5e9f895cb740e0edfaeb399033c98a0ca1c285a75ef6d193d0d3","sha512":"ac919c82f8cb355e56d133684071ce1696a6020e94f50a0c43091aff2ffa76eed1ddb7c1bc05ef5bbd90ca826af865410491707c3523165e32cbfe6b09611195","ssdeep":"192:/PkZHtUV+FFMKAbyF5XG9XLzMhHS56cdEbXMU0Y4gQJrXp+xqeurUr:3UNS+FCpGF09fMB4XdkM3pr5+Gi","tlshash":"6d42cf90738324da0f682dba0ca0314b62e0ed11f133e72673b6e2dd41440fbba68797","first_seen":"2025-06-09T08:00:07.930975Z","last_seen":"2026-01-03T19:55:30.030813Z","times_seen":6,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/ren.gif?sid=H4sIAAAAAAAC_1RST2skxRuu3s3hx8-D_4IHQRgEYUWZ9Mz0TKZdJBrXxGBMYjaSw16s7qqe1E51V1vVPT0ZL8GgLHgZbx4EO88kG1yXoB9AXCd7Cwi2B8lhw4pfQFD25EF6Elh8od73LZ46PH_qs730jDSQ0tO199RASElnmlW7cmVTRExlprKyUanZVftqZVNELedqpV823Xut1nCq9suVRe531Uzdrtl2za5VFoTmgerPTFCI-K5bq7p21alXa00Hff3fu0ktGGqB9c7IMxCsePKP4AaEP0YUfneNm26i4lffDlNJE6XRY4cfRN1IZRHCx2ugLQTR4cVrKFMQ8uUlqOjwQgFUb79UAE8U5NJzD-BFhxc04fUOzpl6EjyCx55A1huDyzEEHcNXuxDsFwL4DCuriMLbK0pndPscpSVakKlHf0FkBZl6MI0oPJqXol-5rmSaCBUZ9IMcoj-G6IwRp8dIBhZEdgw_-QSC_UxmHi0jCvdXjVQQLJ-oF8EY1FhIyyMspIGFNLYQstOKY7cdv0YbrcBl_qztUMdh3LPddt22qevPIvVLWkMk8RC-HMLXO4j1DrpiCJ3eg9nKYZgFkxTEen8HPZYj4wSZIcgoQSYIsoQg6-UHTJq6yW8zaVKvdjHrF7ORj1TS2aMHKunwiIDqITTL90X8kdmFn1weDQLDRqps1EvyEfVYvhefkadL16xPP4_R5aeVIHB50_Pas7OB37ZnnRprNJpt5lKH1-vtegtG5BDm0sSQgSjIwtoAsSjIS6f_g0ePYeQxfPEUaPoCaJaDbuUYRHdu8q4yquqrEEzliJMpJNvWnjwjz47WN-bvTaL78NqL4P7JG-RoevD74hF8nSPWOW6K-wQdeWu0rjKyv64yQ75fjRMRigEtY72e0IRP3XmXb2dKs6VrZvjNm34JlOvdDW6SZRoxEXUM-XZeMMb1gtI-Jz8smU3uraVmaz7VURovr721sBTGmhsjVDQGFQX5_1evwBcFmb4yN_myzb8fwo93YOKTuX9KltMfwygCL7YgRUHeufEQkp_M_fb81_dfj0egXg7DH2vy-MmPf5JJ7Zlb6GgLNNlFFObo6Rw9mYPKIUx6eZTE-mTu18ak4Elr5Elt7XtSyy_OvTLitNKse41Wu93iQYsFDdaoN5jbtLnrULfluE4TiSnEYvWnfwMAAP__7nDYFVkEAAA=","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RST2skxRuu3s3hx8-D_4IHQRgEYUWZ9Mz0TKZdJBrXxGBMYjaSw16s7qqe1E51V1vVPT0ZL8GgLHgZbx4EO88kG1yXoB9AXCd7Cwi2B8lhw4pfQFD25EF6Elh8od73LZ46PH_qs730jDSQ0tO199RASElnmlW7cmVTRExlprKyUanZVftqZVNELedqpV823Xut1nCq9suVRe531Uzdrtl2za5VFoTmgerPTFCI-K5bq7p21alXa00Hff3fu0ktGGqB9c7IMxCsePKP4AaEP0YUfneNm26i4lffDlNJE6XRY4cfRN1IZRHCx2ugLQTR4cVrKFMQ8uUlqOjwQgFUb79UAE8U5NJzD-BFhxc04fUOzpl6EjyCx55A1huDyzEEHcNXuxDsFwL4DCuriMLbK0pndPscpSVakKlHf0FkBZl6MI0oPJqXol-5rmSaCBUZ9IMcoj-G6IwRp8dIBhZEdgw_-QSC_UxmHi0jCvdXjVQQLJ-oF8EY1FhIyyMspIGFNLYQstOKY7cdv0YbrcBl_qztUMdh3LPddt22qevPIvVLWkMk8RC-HMLXO4j1DrpiCJ3eg9nKYZgFkxTEen8HPZYj4wSZIcgoQSYIsoQg6-UHTJq6yW8zaVKvdjHrF7ORj1TS2aMHKunwiIDqITTL90X8kdmFn1weDQLDRqps1EvyEfVYvhefkadL16xPP4_R5aeVIHB50_Pas7OB37ZnnRprNJpt5lKH1-vtegtG5BDm0sSQgSjIwtoAsSjIS6f_g0ePYeQxfPEUaPoCaJaDbuUYRHdu8q4yquqrEEzliJMpJNvWnjwjz47WN-bvTaL78NqL4P7JG-RoevD74hF8nSPWOW6K-wQdeWu0rjKyv64yQ75fjRMRigEtY72e0IRP3XmXb2dKs6VrZvjNm34JlOvdDW6SZRoxEXUM-XZeMMb1gtI-Jz8smU3uraVmaz7VURovr721sBTGmhsjVDQGFQX5_1evwBcFmb4yN_myzb8fwo93YOKTuX9KltMfwygCL7YgRUHeufEQkp_M_fb81_dfj0egXg7DH2vy-MmPf5JJ7Zlb6GgLNNlFFObo6Rw9mYPKIUx6eZTE-mTu18ak4Elr5Elt7XtSyy_OvTLitNKse41Wu93iQYsF
DdaoN5jbtLnrULfluE4TiSnEYvWnfwMAAP__7nDYFVkEAAA= HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7cf2391344719e5331d6dabb2d16125c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport 
Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=225","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=225 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; 
slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/pixel/sbs?c=1","fqdn":"realizationnewestfangs.com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:26 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: 
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/69437559997c2_12.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/69437559997c2_12.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: 
image/png\r\nContent-Length: 57717\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-e175\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57717,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"c7ed65cf7accff17342ee32e3bd92728","sha1":"cf0ef15d631f017c9f504a649ed83833a6d7fe4c","sha256":"ecd363eadad65f0781c68a551770a8c76d86def962574e75797c3b23fcedb100","sha512":"50721280da9f2ffc86b9df9ac6abb5746f3a3249804987b1f1775d98dd2d91527b4bf451d4fdfeb6059eaa11cb59657d6b7533480d361c4aeb35794a049a072b","ssdeep":"1536:sAwkXPwiWQy0eV8k+bXOLnwb4EuHYnD5mfmBCSzo5hBxmXwaQ8X:spkIiy0yNUAnwbjJF9CSqBxmX88X","tlshash":"864302382345ec4ae8e2513ca99a67c0dcda7de616d45b51cc5cf2782824e074b2fadc","first_seen":"2025-12-20T23:19:01.039531Z","last_seen":"2025-12-20T23:19:01.039531Z","times_seen":1,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":303,"dns":1,"connect":55,"send":0,"wait":109,"receive":57,"ssl":67},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/6943755990fc0_1.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/6943755990fc0_1.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 112448\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-1b740\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":112448,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"63c60d337d3e75671eb76e2fcedcb370","sha1":"a42caf0d048ec2037dbf7a74dc584046c8bb1a96","sha256":"13ac1f533854a882dca61047da9408016b019da6bc25f223de37f39c4958b355","sha512":"1b9f3a0fd260ec1c96b84712f4fa1c7014a51f83e3a9c2dc447b9a65148b485cb306222b03e487a07898f82002b67cb550bcf5c5101d14ea1c2ddd6ce4ef23fb","ssdeep":"3072:P5wUyetlYLoZzT6eynRqM8FdeGlbqggLE1636VzIzKoXcBKD:hwXolxyJUD3gLE1636VzIzjXcI","tlshash":"eab3126cffe8f4e3e2bc1c61046993f25fa9a7d9c2a59393b065dd416c88d4dc4a048b","first_seen":"2025-12-20T23:19:01.052087Z","last_seen":"2025-12-20T23:19:01.052087Z","times_seen":1,"resource_available":false,"data":null}},"time_used":568,"timings":{"blocked":453,"dns":0,"connect":0,"send":0,"wait":56,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/comment-reply.min.js?ver=6.9","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/comment-reply.min.js?ver=6.9 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:20:44 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a520c-bd2\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3026,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (2991)","md5":"e4a49df71f8b98c1d9f9d8fce74d89e8","sha1":"b95fcda0c8c26305ad94e80343d0cfca8a048a10","sha256":"9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f","sha512":"42cd5f854779886f24c43ed14617380110c946d1b430b454060c3b391de6fbae6d0ed8ab7cdd7cfdc9726b2d6142a4e01c4448e36088dfcee7fdd00b60909f89","ssdeep":"","tlshash":"5051a7d437c95d762a83b3395efe930271712709a50805608826c86931bcfea63b67fe","first_seen":"2024-11-13T06:33:24.856382Z","last_seen":"2026-04-05T01:47:39.878528Z","times_seen":57115,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":141,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/dist/dom-ready.min.js?ver=f77871ff7694fffea381 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:26:50 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a537a-1c9\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":457,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (422)","md5":"e4bc17cc45ca91ab0f09dea134975c51","sha1":"3c03312717fb495c051d02a3d27ec0d8abc2557d","sha256":"5a43a22e48f94b7a45a9a9b1a107f197213b73307fdfa2e6b2daadab264f94d2","sha512":"f8e537a2168b94875bb7ddb9a20037c5bc79831c8b4e726f224f8d7c723c5c4b4512551697cf7bfb6ce4b5f8365dc1c027107ffe3435ea27c686f5ae96d921e7","ssdeep":"","tlshash":"bbf0d4705445edf071bc80e6442d53c1b5219039372270f14b8cdcb569e0f96127ede7","first_seen":"2024-04-03T10:12:48Z","last_seen":"2026-04-05T01:51:57.885062Z","times_seen":82185,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/dist/hooks.min.js?ver=dd5603f07f9220ed27f1 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Wed, 03 Dec 2025 07:51:23 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"692febfb-161d\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5661,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (5626)","md5":"90e932bd9e62583fc494c00498cfe7f5","sha1":"4f57e11bff609f90f49174187a0b5a6ba847ad28","sha256":"87cee5f49ba0d3017efc409579fc58b91a717f8f14751f7d804447ac9bcbaf4b","sha512":"ed9c129faf972ddfa705f05c3207884e5e9cd175baa45d49ce9d42bc0d01e4e8f36e627731bdd97214b1e2400fdd5012262a42f9800cd4f5565dbf183ba58507","ssdeep":"96:wXDE/3s/0EBM6ZUUCRTH+zl4NsBjcEmDtrGV2C2yics6w1RfGdzsvqZTq:wzg3kBFZYH+zhjngRw2cLzw1RfGdzsvx","tlshash":"56c153847983b970b2337057f0ff48d561baeba575298081964ec4a05d7388ee0a7abd","first_seen":"2025-10-27T08:47:54.273294Z","last_seen":"2026-04-05T01:47:39.869674Z","times_seen":109125,"resource_available":true,"data":null}},"time_used":334,"timings":{"blocked":264,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 
1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 15eee7729b83e184e549ce399d76a10f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line 
terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":698,"timings":{"blocked":311,"dns":6,"connect":91,"send":0,"wait":98,"receive":3,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.316Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 60f38c59d6d764221859c759c77d00f9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T23:48:21.876835Z","times_seen":13234,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":116,"dns":8,"connect":21,"send":0,"wait":21,"receive":24,"ssl":53},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=338144aa-a1d5-4374-ba0e-ec3cb06266fc\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=96e4a480ec763abaa308e52020e898e1\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 
27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET /pxf.gif?uuid=338144aa-a1d5-4374-ba0e-ec3cb06266fc\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=96e4a480ec763abaa308e52020e898e1\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=23 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b0ce6f6974d27d09eb26822c70be4752\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":760,"timings":{"blocked":326,"dns":1,"connect":106,"send":0,"wait":108,"receive":0,"ssl":215},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/astra-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/astra-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: 
keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 20:38:50 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a645a-19b5\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6581,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6581), with no line terminators","md5":"60d72450a6829bb918b07075e6273d16","sha1":"fad4e52c06b86b8df6a4220707aad9c01ff74f7e","sha256":"4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9","sha512":"77307ced72814f611ffe6786fa16a3d81356476cd60581c08441eeb3c365c4937cf4a8b781411f129443306a6ca39ade298af0762edc34ac34ee001d27e9d28b","ssdeep":"192:tXCj6InyYlqqOre482UO7N1gqts1SIVje5L1Cd+eLXPMo56MxdC:u6IyYlq/i482UO7NW1vV65AxrUowMxdC","tlshash":"2dd1b63a3224d9380bfa4aefb978e3d4f464b419f90392e4c99ccf0925b5d43139476a","first_seen":"2024-01-04T16:48:42Z","last_seen":"2026-04-05T00:55:14.970805Z","times_seen":10588,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":200,"dns":0,"connect":0,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 
DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/fonts/Roboto-Regular.woff2","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/ymc-smart-filter/includes/assets/fonts/Roboto-Regular.woff2 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/css/style.css?ver=2.9.69\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 65872\r\nLast-Modified: Tue, 04 Nov 2025 20:13:49 GMT\r\nConnection: keep-alive\r\nETag: \"690a5e7d-10150\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65872,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 65872, version 1.0","md5":"e8f0bf6927f366b357e329492e9d889a","sha1":"dd12b79852dad8910fc4dba007bbe489f086e426","sha256":"4130fe222cdf3ba4db5bceffa2bd4cd3d12213ec636a075fd6505bdace4b364e","sha512":"8a8f7a24cb03dc7147d5b2cdf0db2fc83ebf3cf2b704cfd0cc8988971f6a1914571b91fab12bb543ed0456a975958fe8693058d6072ca95d7b5400db694f921e","ssdeep":"768:OUhQwVALc5dr9VO7TzmsJ8JR5DBopLxRUls5M86GnCGHQ3uR6LOjzs+kxfBquf0n:tHuSd5VOQeVyl86G1sWs1xtVPCoo","tlshash":"f253026ec1033b82bfb6cf292183f543cb69018555cc952d8d16fd88c9fcea4ab0959b","first_seen":"2024-12-09T02:09:44.320894Z","last_seen":"2026-04-04T12:17:30.708229Z","times_seen":188,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: 
Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 30cba3c7783840d8dcd7cc3c38d49d0f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T23:48:21.876835Z","times_seen":13234,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.w.org/images/core/emoji/17.0.2/svg/1f30d.svg","fqdn":"s.w.org","domain":"w.org","tld":"org"},"ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.w.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 19:44:42 GMT","end":"Sat, 24 Jan 2026 19:44:41 GMT"},"fingerprint":{"sha1":"FD:D4:B7:E9:AC:7B:28:11:0D:96:A9:CC:26:88:07:21:A3:BD:51:DE","sha256":"E6:36:0F:D2:9B:17:E4:A8:11:A6:86:BE:23:8C:5A:3E:36:6A:2E:39:90:F1:28:C5:6D:5F:8B:4B:3E:FF:1B:12"}}},"request":{"raw":"GET /images/core/emoji/17.0.2/svg/1f30d.svg HTTP/1.1\r\nHost: s.w.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 23:18:24 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 07 Nov 2025 05:22:03 GMT\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-nc: HIT arn 25\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=HIT;dur=0.0\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1156,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"6d274903d488a6b57e40a883809fb33c","sha1":"41440d6a845cff94f3f0096c7946fc6419354d98","sha256":"593d59f9f319875b02111ac46a9f70df2c1e0f3a5fd92810c3f5ddbb598ca62c","sha512":"940ff1bad940e7ccfa82ebd11a3335804193efe80cfa811b9820e8bc29bff1f1c8d98d3b97ff00ccc9900244a19423165e0faa5d9b56a395e751c43ae534edc5","ssdeep":"","tlshash":"d72167f89335b2c4f6aa801fbcf8609e661b829b433d8da480c56dc4c0e79c5b309c21","first_seen":"2023-05-08T15:08:59Z","last_seen":"2026-04-05T00:29:34.010806Z","times_seen":935,"resource_available":false,"data":null}},"time_used":780,"timings":{"blocked":375,"dns":1,"connect":46,"send":0,"wait":16,"receive":0,"ssl":283},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.w.org/images/core/emoji/17.0.2/svg/1f4cd.svg","fqdn":"s.w.org","domain":"w.org","tld":"org"},"ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.w.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 19:44:42 GMT","end":"Sat, 24 Jan 2026 19:44:41 GMT"},"fingerprint":{"sha1":"FD:D4:B7:E9:AC:7B:28:11:0D:96:A9:CC:26:88:07:21:A3:BD:51:DE","sha256":"E6:36:0F:D2:9B:17:E4:A8:11:A6:86:BE:23:8C:5A:3E:36:6A:2E:39:90:F1:28:C5:6D:5F:8B:4B:3E:FF:1B:12"}}},"request":{"raw":"GET /images/core/emoji/17.0.2/svg/1f4cd.svg HTTP/1.1\r\nHost: s.w.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, 
br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 23:18:24 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 277\r\nlast-modified: Fri, 07 Nov 2025 05:22:03 GMT\r\nx-frame-options: SAMEORIGIN\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-nc: HIT arn 25\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=HIT;dur=0.0\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":277,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"304f17a447dd859533f5b41c0f2464f0","sha1":"1cfaddc961f5f6ff7981a27dec441d4b65d9d2e2","sha256":"adaeabf73cbaaec23155f6a4e50cbe06fa22e25e62a42b2a62611410809b35cd","sha512":"6feda360e0515f16b507d2836aaa202a0a8eab2ad293144713eede03e8e2c637403154c6f60070e5e38927d2b26922efda61ff5f263d508cf70d2ae9db8e750c","ssdeep":"","tlshash":"c0d02b98603ce7418c44c618457bbc8552da60475e144baab1931c1d75443d73841b75","first_seen":"2023-04-07T03:19:52Z","last_seen":"2026-04-04T23:17:49.846221Z","times_seen":2374,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":363,"dns":0,"connect":37,"send":0,"wait":12,"receive":0,"ssl":217},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.w.org/images/core/emoji/17.0.2/svg/1f4f7.svg","fqdn":"s.w.org","domain":"w.org","tld":"org"},"ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:24.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.w.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 19:44:42 GMT","end":"Sat, 24 Jan 2026 19:44:41 GMT"},"fingerprint":{"sha1":"FD:D4:B7:E9:AC:7B:28:11:0D:96:A9:CC:26:88:07:21:A3:BD:51:DE","sha256":"E6:36:0F:D2:9B:17:E4:A8:11:A6:86:BE:23:8C:5A:3E:36:6A:2E:39:90:F1:28:C5:6D:5F:8B:4B:3E:FF:1B:12"}}},"request":{"raw":"GET /images/core/emoji/17.0.2/svg/1f4f7.svg HTTP/1.1\r\nHost: s.w.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, 
br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Dec 2025 23:18:24 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 07 Nov 2025 05:21:38 GMT\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-nc: HIT arn 25\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=HIT;dur=0.0\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":511,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"6c895a6898d73cc30959ac78c67c2ddf","sha1":"f6b208bca8f93d448a391e825f231b0cf53a29c3","sha256":"d53afdbf8189af1d63c0b666b339e3d1116503eef12f9319278f7243c38bcb1d","sha512":"30a7347d1a8b788b5ea32b1943046cac5a9ef305427cb98905cda0bb356cabdbc51776e4a89b53589b684ed98bbab6f0c5ba8d9238b74f36fc3f66c827f52b88","ssdeep":"","tlshash":"08f0b4f1a07df49b9e00d5f0159fb0c661cb515a03ca039c3008a9597a163af346af70","first_seen":"2023-07-28T19:17:29Z","last_seen":"2026-04-04T15:56:06.147298Z","times_seen":210,"resource_available":false,"data":null}},"time_used":856,"timings":{"blocked":387,"dns":18,"connect":173,"send":0,"wait":119,"receive":0,"ssl":140},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realizationnewestfangs.com/ren.gif?sid=H4sIAAAAAAAC_1SSz2skxRvGq7M5fPl68FfwJgyCsKJMemZ6JtPuIRpjQjAmMRvJwYvVXdWT2qnuaqu6pyfjJRiUBS_jzYOHzjPJBtcl6B8grhNvAcH2lMMGxX9AUPbkQXoysPhCve9bfOrwPO9bnx2lV6SBlF5uvasGQko636zalZu7ImIqM5WNnUrNrtq3Krsiajm3Kv0y6d7rtYZTtV-prHK_q-brds22a3atsiI0D1R_fkIh4gdureraVaderTUd9PV_7ya1YKgF1rsiz0Gw4uk_gg8g_DGi8NtlbrqJil97O0wlTZRGj52-H3UjlUUIn7SBthBEp9PXUKYg5MsZqOh06gCqd1w6gCcKMvPCI3jR6VQmvN7JtVJPgkfw2FPIemNwOYagY_jqEIL9QgCfYWMTUXhvQ-mM7l9TWtKCzD7-CyIryOyjOUTh2ZIU_cptJdNEqMigH-QQ_TFEZ4w4PUcysCCyc_jJJxDsZzL_eB1ReLxppIJg-cS9CMagxkJaHmEhDSyksYWQXVYcu-34NdpoBS7zF2yHOg7jnu2267ZNXX8BqV_KGiKJh_DlEL4-QKwP0BVD6PQhzF4OwyyYpCDWewfosRwZJ8gMQUYJMkGQJQRZLz9h0tRNfo9Jk3q1aa1PayMfqaRzRE9U0uERAdVDaJYfi_gjcwg_uTEaBIaNVJmol-Qj6rH8KL4iz5ZTsz79PEaXX1aCwOVNz2svLAR-215waqzRaLaZSx1er7frLRiRQ5iZyUAGoiArWwPEoiAvX_4PHj2HkefwxTOg6YugWQ66l2MQ3b_Du8qoqq9CMJUjTmaR7FtH8oo8P9reWXo4Wd2Hyy-B-xdvkLO5we-rZ_B1jljnuCN-IujIu6NtlZHjbZUZ8t1mnIhQDGi51tsJTfjs_Xf4fqY0W1s2w6_f9EtQtg92uEnWacRE1DHkmyXBGNcrSvucfL9mdrm3lZq9pVRHaby-9dbKWhhrboxQ0RhUFOT_X70KXxRk7ubi5Ms2__4NfnwAE18s_lOqnPsYRhF4sQUpCCS_INMA9XIY_sSPxy9--POaHZm76GgLNDlEFObo6Rw9mYPKIUx6Y5TE-mLx18Yk4Elr5EltHXtSyy-u52TEZaVZ9xqtdrvFgxYLGqxRbzC3aXPXoW7LcZ0mElOI1eqP_wYAAP__20CXY1UEAAA=","fqdn":"realizationnewestfangs.
com","domain":"realizationnewestfangs.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realizationnewestfangs.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:53:00 GMT","end":"Tue, 27 Jan 2026 23:52:59 GMT"},"fingerprint":{"sha1":"1B:06:06:C7:58:90:D0:32:92:B4:AF:0D:13:36:3E:BD:15:17:6B:46","sha256":"5B:0B:55:E5:3A:EB:48:93:35:E0:BA:60:C4:23:AE:E5:7C:C0:C8:63:A3:06:E6:FA:BA:9E:F0:CB:1E:B7:A1:E4"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1SSz2skxRvGq7M5fPl68FfwJgyCsKJMemZ6JtPuIRpjQjAmMRvJwYvVXdWT2qnuaqu6pyfjJRiUBS_jzYOHzjPJBtcl6B8grhNvAcH2lMMGxX9AUPbkQXoysPhCve9bfOrwPO9bnx2lV6SBlF5uvasGQko636zalZu7ImIqM5WNnUrNrtq3Krsiajm3Kv0y6d7rtYZTtV-prHK_q-brds22a3atsiI0D1R_fkIh4gdureraVaderTUd9PV_7ya1YKgF1rsiz0Gw4uk_gg8g_DGi8NtlbrqJil97O0wlTZRGj52-H3UjlUUIn7SBthBEp9PXUKYg5MsZqOh06gCqd1w6gCcKMvPCI3jR6VQmvN7JtVJPgkfw2FPIemNwOYagY_jqEIL9QgCfYWMTUXhvQ-mM7l9TWtKCzD7-CyIryOyjOUTh2ZIU_cptJdNEqMigH-QQ_TFEZ4w4PUcysCCyc_jJJxDsZzL_eB1ReLxppIJg-cS9CMagxkJaHmEhDSyksYWQXVYcu-34NdpoBS7zF2yHOg7jnu2267ZNXX8BqV_KGiKJh_DlEL4-QKwP0BVD6PQhzF4OwyyYpCDWewfosRwZJ8gMQUYJMkGQJQRZLz9h0tRNfo9Jk3q1aa1PayMfqaRzRE9U0uERAdVDaJYfi_gjcwg_uTEaBIaNVJmol-Qj6rH8KL4iz5ZTsz79PEaXX1aCwOVNz2svLAR-215waqzRaLaZSx1er7frLRiRQ5iZyUAGoiArWwPEoiAvX_4PHj2HkefwxTOg6YugWQ66l2MQ3b_Du8qoqq9CMJUjTmaR7FtH8oo8P9reWXo4Wd2Hyy-B-xdvkLO5we-rZ_B1jljnuCN-IujIu6NtlZHjbZUZ8t1mnIhQDGi51tsJTfjs_Xf4fqY0W1s2w6_f9EtQtg92uEnWacRE1DHkmyXBGNcrSvucfL9mdrm3lZq9pVRHaby-9dbKWhhrboxQ0RhUFOT_X70
KXxRk7ubi5Ms2__4NfnwAE18s_lOqnPsYRhF4sQUpCCS_INMA9XIY_sSPxy9--POaHZm76GgLNDlEFObo6Rw9mYPKIUx6Y5TE-mLx18Yk4Elr5EltHXtSyy-u52TEZaVZ9xqtdrvFgxYLGqxRbzC3aXPXoW7LcZ0mElOI1eqP_wYAAP__20CXY1UEAAA= HTTP/1.1\r\nHost: realizationnewestfangs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: realizationnewestfangs.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 11d2bd411399fc016b31e0b2358c3846\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"realizationnewestfangs.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 20 Dec 2025 23:18:25 GMT\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-02-19T22:23:13.628811Z","times_seen":6025,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.15.4","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/wp-statistics/assets/js/tracker.js?ver=14.15.4 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:59:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5b1a-22f7\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8951,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines 
(4474)","md5":"ca2be7699b36cdb54806c8f512492520","sha1":"f054bad5a98ce4d60e9f560c2f93a364efedab93","sha256":"c01fa4f79ce47a5a684b37c31f49b9304499fb1eba255aeb9d03cffb3d7e83ee","sha512":"8a510ae4a71f25b9dc99026fd4b0f883a41821e2774476e8d765eb2cb151d5fcea73168f25cd5ec4170680b3831dd67f21fa0d2245bd2830b8b6872cf3db333c","ssdeep":"192:5nQ998xYO9SkmsKlsLqWOGAOZPSeIWCE+D:5nQ9WxqCLw/WCEq","tlshash":"0c0284467bd25af1ccf23468152a2a3975ab0ed33202e170f828ddd3445c6d6e743b7a","first_seen":"2025-08-11T14:39:25.499896Z","last_seen":"2026-04-05T01:03:07.585829Z","times_seen":1612,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":205,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/uploads/2025/12/portada_693f59ea48f82.jpg","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/uploads/2025/12/portada_693f59ea48f82.jpg HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 131837\r\nLast-Modified: Mon, 15 Dec 2025 00:44:26 GMT\r\nConnection: keep-alive\r\nETag: \"693f59ea-202fd\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131837,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90\", baseline, precision 8, 1200x762, components 
3","md5":"c59ef8580cbdf438218db2b519a1b2f3","sha1":"1a62ac9c8001ff6379c26a99a5023de5de5de397","sha256":"94f69da0f1e27586134be11da85ecd0c71235f94fadc6e0f56dffef1db15aaf2","sha512":"4faf129d9180ea88a7e52e9a7f8a3c7b3eaf4a4586dc568b8e13afac8d8790b17a90b151f042d6f6aae908a544853c6d4d5b6eb0815c7cccdab8d4c21e701bee","ssdeep":"3072:DeYVmDlEmYNaFh50Ruu0HjuR/w0bRSfFrAwTzGtg5R:DPVs+mHh50yHjwZRSfBAWitgD","tlshash":"40d3f0a6fbd3d741a3c3b56e103fbd3b07990ad410e5aa2745c34c415096fba8987a3e","first_seen":"2025-12-20T23:19:01.058501Z","last_seen":"2025-12-20T23:19:01.058501Z","times_seen":1,"resource_available":false,"data":null}},"time_used":740,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":617,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-json/wp-statistics/v2/hit","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"POST /wp-json/wp-statistics/v2/hit HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 186\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; _ga=GA1.1.1160632206.1766272703\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":186,"data":"wp_statistics_hit=1\u0026source_type=post\u0026source_id=10748\u0026search_query=\u0026signature=0220fde9d32ccdf0e8a8dce57f1a39f7\u0026endpoint=hit\u0026referred=\u0026page_uri=L2dhbWVyLXN0cnVnZ2xlcy1hbmRyb2lkLXdpbmRvd3Mv"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 15\r\nConnection: keep-alive\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-cache\r\nPragma: no-cache\r\nVary: Accept-Encoding,Cookie,Origin\r\nX-Robots-Tag: noindex\r\nLink: \u003chttps://jekoso.com/wp-json/\u003e; rel=\"https://api.w.org/\"\r\nX-Content-Type-Options: nosniff\r\nAccess-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link\r\nAccess-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type\r\nAllow: POST\r\nAccess-Control-Allow-Origin: https://jekoso.com\r\nAccess-Control-Allow-Methods: OPTIONS, GET, 
POST, PUT, PATCH, DELETE\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":15,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text 
data","md5":"28ec1eee5f4049e3c4f2135069c1d2c8","sha1":"3505519507ca1c2a089c46e100b80408ca278421","sha256":"edc48cd3b0bc4fa7ba23aad40b8508a17d370ca38be174bae2a2f64634e65a2b","sha512":"f71618e40ebaa14ab6d523a2341258c0da264b545388f8fffd14c31c64b35f94b21eb633316c4d77afcd864aade1db588ef6387ee0c4787e6f7770db0abc1183","ssdeep":"","tlshash":"f06000020000002088800a000220aa302a200a20080a0080000c30200020080800a002","first_seen":"2023-04-06T19:00:00Z","last_seen":"2026-04-05T01:35:56.779889Z","times_seen":8988,"resource_available":true,"data":null}},"time_used":1594,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1593,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 
GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 6735796\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IkgCFb%2BBfdk3XIFn7k6%2B0MqBQzoBMvuqXjo7VQBkP8pXWUnRS4ijehDzTgFPy0TXMyPDrE%2BIELcK04tp3X5zChpBb0TP7NnAcvSCv5Jr\"}]}\r\ncf-ray: 9b12dbd94e7e56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-04T17:41:38.106886Z","times_seen":3130,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 
Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 317959\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jynSEemhYy2jRGWI8MnVFFizSsOW1eWGWu%2F4Zihzj4o7FKT4B3ATIt%2Bbs7wvS8XAbD4DC%2FphcIDknJH38LpLmuoKspRc6AChyDV5h%2Fg6\"}]}\r\ncf-ray: 9b12dbd95e7f56b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-04T17:41:38.136666Z","times_seen":1660,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bli6zSBdL1HLETB8S22LO7gtvoLlQvToVpRCEWFj7PclOuJ11UEb5TJVMj%2FyqlK1yG%2BaldyW4SpltT%2BAqsaHotMLdNsVFaAT5413KIXm\"}]}\r\nage: 316208\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9b12dbd95e9056b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line 
terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-04T23:48:21.884322Z","times_seen":10405,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=544","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=544 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=564","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=564 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:25 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: 
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":100,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/694375595f84f_image.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/694375595f84f_image.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: 
same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 79016\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-134a8\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79016,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 820x461, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c58d8acb077ea364c138a035459f607a","sha1":"881490f908b83049f92a2d2f24815330870c45ce","sha256":"a0bdfe8dfbf55e8eff260633c28f27dd280c777f3c0ec84a7c9d60a1348d1628","sha512":"e336e000614a486e7345660f16690ceeb9b5d41179ed9fa95ee879567492bfc192610953d6643054b3d1f7570780611153a8f470714fbd8fad4e6bb2a3d074a6","ssdeep":"1536:668PgkOl1FG1h2h2sqAKMCN3i5pk7fhwPjQOS9jNYZk8mfyAUqBblnH2dnk1tKyV:KMWhWChi5qm0OS9Bz8u75p1N","tlshash":"df73020eb1a61884133489ff617a7c824eb739f12dc197767670ed7d9ac634810bf522","first_seen":"2025-12-20T23:19:01.062475Z","last_seen":"2025-12-20T23:19:01.062475Z","times_seen":1,"resource_available":false,"data":null}},"time_used":674,"timings":{"blocked":295,"dns":1,"connect":70,"send":0,"wait":132,"receive":101,"ssl":74},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/simple-ajax-chat/resources/sac.php?ver=20250329","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/simple-ajax-chat/resources/sac.php?ver=20250329 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 5477\r\nConnection: keep-alive\r\nCache-Control: no-store, no-cache, must-revalidate\r\nExpires: Thu, 19 Nov 1981 08:52:00 
GMT\r\nSet-Cookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; expires=Sun, 21-Dec-2025 05:18:22 GMT; Max-Age=21600; path=/; domain=jekoso.com; HttpOnly\r\nPragma: no-cache\r\nVary: Accept-Encoding,Cookie\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":17639,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"e9f3e4f8dbc133d6d73996f805730b40","sha1":"89dc946ddbbce4f4cfe16451b36bfaff13ab472a","sha256":"5eeed0d3fe5b65a395ff21d5fac95b763a69b4b40db6d2227439e312f8d5f555","sha512":"fea17a466db98b4f91d9869e3e05b189f784ba41411fb59093c17edc1b8cdc3e15e7c6696b4ffa7d1910fd97a23f897a791d15b0b5c3f20898393a9f82bc73cb","ssdeep":"384:n/wY7Kem5Lt27KUaeDnO5JceK9azZNIivW:ot5w7KUbDnOpK9az0ie","tlshash":"4b82d8a6f7db903293f630936d3e72ad912f45b12c426c3a7d2c84503ae0d69a17ed34","first_seen":"2025-12-20T23:19:01.064364Z","last_seen":"2025-12-20T23:19:01.064364Z","times_seen":1,"resource_available":true,"data":null}},"time_used":381,"timings":{"blocked":155,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/js/masonry.js?ver=2.9.69","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/ymc-smart-filter/includes/assets/js/masonry.js?ver=2.9.69 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 20:13:57 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: 
W/\"690a5e85-1e68\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7784,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7783)","md5":"cfe8cf7a1a910953efbeef75326f1832","sha1":"7e8427208711fac93baf67d1b38f59e4c88f533a","sha256":"dae18e7a49f6235c9ef93579250f2521b2b11479652c17983d583721311aeb5c","sha512":"14a1c7f77745bfb61e34898fdf57f573f662d8e1a59fb9890f8986051652a5205b81d2b6899bcd3a9e00e4b1f30e9c285391f2af02e024c3b9530cec72da1503","ssdeep":"192:+ZkfJ4wCGoKCpvgIoM13AnIKneiQMnpfEtb:+cSn+CBfou8/oMpfY","tlshash":"f9f1a658b381b431d297b07e446f010bf239a829a599d4c4f339e4e29df585e527bf38","first_seen":"2025-02-27T20:13:31.011626Z","last_seen":"2026-04-04T20:56:43.066854Z","times_seen":130,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":205,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/ymc-smart-filter/includes/assets/js/script.min.js?ver=2.9.69","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost 
Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/ymc-smart-filter/includes/assets/js/script.min.js?ver=2.9.69 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 20:13:58 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5e86-e9d4\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59860,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (59860), with no line terminators","md5":"dcc26211c0a5577eefdf3f155fd0c1ca","sha1":"6dc24aa8e45fbee6b243ca3b38137b6be425ddfd","sha256":"a43aaa137a47a789200c1ca2fda1ee3e2d66cde8ad727b4850ea7807461ca3de","sha512":"2bc121e450c82f1547d7c268baef564ab668d88368fdc5495b79f4c130a09030e8b99b83a4361f866314bc0cd45d4ff48f3a561497eb5ff1b5e3d98bf7160575","ssdeep":"768:Zd79X74aFOFKD03hU8LqV39QrOa4W5bGyF0F0t9zH+a6g7z1:CLqsrOnW5bP9a6","tlshash":"d6439915fbc0a1f410f73629f0f720d1dae96de3f05498b9b42a85b565abd40e0e2b39","first_seen":"2025-06-09T08:00:07.939816Z","last_seen":"2026-04-04T20:56:43.075696Z","times_seen":127,"resource_available":true,"data":null}},"time_used":339,"timings":{"blocked":267,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\npriority: u=3,i=?0\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, 
max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PPEzkiJCPmUq5A64drZ5tM%2B7sqPJUEVTjxZLOuZRTta3mqS2VSXg5qiB9u74TSlGq5UzVwvmxPicahWKf7DKRb96RpVPuDdK0vD1kGjo\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b12dbdabd5056a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-04T23:05:44.601335Z","times_seen":5458,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:26 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\npriority: u=3,i=?0\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hnCC%2BluA56XIbHUU3I%2BPvA8TVECmGpPr5hhzBHpWXxkX73FxK3WGWhiEq2S0Fned8u3GdxSp5ssf3F073%2B1VOoUH0923R%2BTUX06i5iUO\"}]}\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9b12dbdbbe2056a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 
text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-04T17:41:38.132889Z","times_seen":1583,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=486","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=486 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:26 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbs?c=1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:26.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25529200=1; slecff9e5bb877fc80741d3358d9a4e22826=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:26 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: 
Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T01:47:03.978699Z","times_seen":13354468,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto%3A400%7CBarlow+Semi+Condensed%3A400%2C100\u0026display=fallback\u0026ver=4.11.0","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Roboto%3A400%7CBarlow+Semi+Condensed%3A400%2C100\u0026display=fallback\u0026ver=4.11.0 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 20 Dec 2025 23:18:22 GMT\r\ndate: Sat, 20 Dec 2025 23:18:22 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8545,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"efcea6f4cb050fc0ad0a3f6015da69bf","sha1":"6e7fb422f992ba424b9f3246616349d51f1fadbd","sha256":"ad64337720f537897680b824e7ac1b59750dda96954da2dcce94820fe37c1b25","sha512":"5c68e91417a0af75321124d685c53d6f52f2ef9e65bf0d54491a0b79188dfef8f2452051a04e8c1a96463d21151fce689ceb34136db1495a5af137acf0e22d5c","ssdeep":"192:c7cTcXecXH4C4UNjbN7NKNXhNbqWNtbqGIwV4ENWNZdNS:c76j2JjhBwHecJqY4CchS","tlshash":"77024091082b50409b938cd227cfbf31fe5f92117048d0b9abfd1a5adcead6a136974d","first_seen":"2025-12-05T20:30:47.755715Z","last_seen":"2026-01-03T19:55:30.057042Z","times_seen":3,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":212,"dns":0,"connect":7,"send":0,"wait":30,"receive":0,"ssl":223},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/694375593f2e9_14.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/694375593f2e9_14.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) 
Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 453620\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-6ebf4\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":453620,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF 
Image","md5":"04b631c769141ec8d033d54031fc8cb0","sha1":"d62394ba3686774ef06f4a1d536709eb26baaf05","sha256":"6eeec454368e2aa4f81e30eace96345aeb3a47c8b2a639ca43939d89fdc3ffc5","sha512":"ba195e6b4a2fa03f3150daf9411529f711d52c5f446338ba911fb8ca6f632b6fc0e4220bd643c956f12a63b5e00d6a3e5494ae0a39612bdd0b0a98045e9dde4f","ssdeep":"6144:xV82NzulfRQnIKoTpWkhj+EGIRU9788cK7hfMJhPEdWjgVB1taVWA8GusW1mICOQ:xV82kgFoWw74GRUf1tarjd/IrM7ae","tlshash":"1aa4236f43cd8fd9fbfd4a7e585c1967cb209954228381d297b014306aa8b134d7bea8","first_seen":"2025-12-20T23:19:01.0687Z","last_seen":"2025-12-20T23:19:01.0687Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1212,"timings":{"blocked":298,"dns":1,"connect":58,"send":0,"wait":112,"receive":664,"ssl":70},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/sister_neia33/003/694375599521a_2.png","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 
GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /sister_neia33/003/694375599521a_2.png HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: image/png\r\nContent-Length: 193583\r\nLast-Modified: Thu, 18 Dec 2025 03:30:33 GMT\r\nConnection: keep-alive\r\nETag: \"69437559-2f42f\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193583,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF 
Image","md5":"77f95c484ebebca5fbeaee77951d2cc4","sha1":"90564fb0148549f48dc58d9d9c1f5f5e0541ce7e","sha256":"2b314788c6aafd4c437a16f4a3080bdb48e9c86821f9ca9511367a0a0d26c928","sha512":"6c1264677be590bb84456cbd2d8da9f6d5b7998dcc3f316115a4a07ce9fa7c001554e673bdd6d448bae577460f7109e25268470580b22efae323d656d03908c1","ssdeep":"3072:x1qJD1u8DWO7fXjy7HQ7ppyj1aWsMEpl78XH1SZ3Qr7Hdkiw8IDY8yA7Y25wjvcV:LqR1u860fX27HQ72tE6I3C7dHgyA7YCZ","tlshash":"781423238b3dd4de4969a1fbc5748f03b3478cbd6db32249d1a2ae951f828e7b546003","first_seen":"2025-12-20T23:19:01.07045Z","last_seen":"2025-12-20T23:19:01.07045Z","times_seen":1,"resource_available":false,"data":null}},"time_used":683,"timings":{"blocked":569,"dns":0,"connect":0,"send":0,"wait":87,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 
GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.3 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Tue, 04 Nov 2025 19:52:48 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"690a5990-53d8\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21464,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines 
(8189)","md5":"da215ae12b95b3aeeb2047667016c7f8","sha1":"480a7087aa74b5b47c47f05a11670e823a3ae4c0","sha256":"699210a5ed06e497b4730ec83bb65ac4c2269ae4a0ee8af3f24aae7ee5b66b76","sha512":"d256ddc828c06f7b84f7df706a4481928a186ea6d3e1358254a1ec02f403d72d2f3aecd682a93aad61b8f236f17dbcf7e6ca100f78c30a348682bf8ee125d8ff","ssdeep":"384:G/rsrDr8LVyraS3dtrqorqr8hrpCip8fuxNhlGX0CiS9rH/OrLrErJ29FkFvd:iS33ZdvK47kv","tlshash":"06a2d94eb246380586f7a2a5402f521fb132e25cb105c8ddf468d8da3c7eea95173f79","first_seen":"2025-04-15T23:53:17.313193Z","last_seen":"2026-04-05T01:48:15.426454Z","times_seen":218288,"resource_available":true,"data":null}},"time_used":321,"timings":{"blocked":253,"dns":0,"connect":0,"send":0,"wait":67,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"descargas.jekoso.com/videos_juegos/dob/videos_promos/paaaaaan.mp4","fqdn":"descargas.jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"descargas.jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 03:57:46 GMT","end":"Tue, 03 Feb 2026 03:57:45 
GMT"},"fingerprint":{"sha1":"45:84:38:5C:D8:02:30:6F:44:88:29:6D:CF:49:E0:C1:C7:4D:04:5A","sha256":"42:DA:8B:54:54:08:44:90:C8:AD:19:08:50:B9:2F:8D:59:CB:A5:23:82:88:90:F5:E0:F3:60:46:CE:94:CD:13"}}},"request":{"raw":"GET /videos_juegos/dob/videos_promos/paaaaaan.mp4 HTTP/1.1\r\nHost: descargas.jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: video/mp4\r\nContent-Length: 681374\r\nLast-Modified: Tue, 25 Nov 2025 03:03:47 GMT\r\nConnection: keep-alive\r\nETag: \"69251c93-a659e\"\r\nExpires: Thu, 31 Dec 2037 23:55:55 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Range\r\nAccess-Control-Expose-Headers: Content-Length, Content-Range\r\nCache-Control: max-age=315360000, public, max-age=31536000, immutable\r\nContent-Range: bytes 0-681373/681374\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":681374,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"03548cfdc47c65533a8ac6c0980e232f","sha1":"de97feb1c1e5c69af372004104ad2d60e3f4b470","sha256":"8c901650ab4868a8618cdeea1f3f12b96ad371f837652091cf0dc4e2ea8ae470","sha512":"61bb2c9d7646848e17bb482b6ea973260973be60aae12c8ad2a66784b2aa4acaeda4eac2c5af4ca84d8ac02bbb3952eda4adb5b5c0efd8225635de6800b33f99","ssdeep":"12288:aW2X+EX46MrJKAMXobivUljGtj6Yug0wcpMIMSQoZ3cMKeQYlGmfEVl:y9XMrJVMXFsAUwvIMSKMTXG","tlshash":"16e4236e170b2449c5955a74d8c2532e1af8e7f98e9a4702a4273b853fbcfd42d4acc3","first_seen":"2025-12-05T20:30:47.749566Z","last_seen":"2026-01-03T19:55:30.059976Z","times_seen":3,"resource_available":false,"data":null}},"time_used":941,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":520,"receive":349,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"descargas.jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 
GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f867c5df7b4417cf7c06ddd5b13ce904\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-04T23:48:21.876835Z","times_seen":13234,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":80,"dns":7,"connect":17,"send":0,"wait":22,"receive":19,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-includes/js/wp-emoji-release.min.js?ver=6.9","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-includes/js/wp-emoji-release.min.js?ver=6.9 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nCookie: PHPSESSID=k0ob569tlu9v75kjsc0c6cqrvr; _ga_7K1S2B30FC=GS2.1.s1766272703$o1$g0$t1766272703$j60$l0$h0; 
_ga=GA1.1.1160632206.1766272703\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Wed, 03 Dec 2025 07:51:23 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"692febfb-58ea\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22762,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (19823)","md5":"f0cc9ba5cf46af0cd73d521803e3b07e","sha1":"7d2a74f87dc70a39eccce3bae1d4cc404cb134f4","sha256":"fd59b0ebf6282ed71647bf2f6e0d1925bbfd1f270865a832079ebb60259aabca","sha512":"7ec44f08676c195547a623504c7105ef3d0acea5839675599598043f3e0b5a3386452e3db6fbea90722f7be9e6effdae1b89c49e2b05b22b8c415616e07d471d","ssdeep":"384:WzevzApRZTbXU/3o//bEPhXgA5POkpJTX:Wsk9XU/3o//YpXgAs+hX","tlshash":"7fa2959ba33a4e8f343e3bd78d968f4dc9da555321c0e079dbefb6c169a00568274c80","first_seen":"2025-11-10T19:52:32.864936Z","last_seen":"2026-04-05T01:45:14.950741Z","times_seen":132317,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jekoso.com/wp-content/plugins/jekoso-live-chat/assets/css/chat.css?ver=5.2.0.1766271720","fqdn":"jekoso.com","domain":"jekoso.com","tld":"com"},"ip":{"addr":"176.123.8.139","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:22.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jekoso.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:51:58 GMT","end":"Tue, 03 Feb 2026 02:51:57 GMT"},"fingerprint":{"sha1":"E6:CF:02:B7:22:1E:9B:3B:25:A2:37:1D:74:5F:C9:25:EC:C2:6F:4C","sha256":"E4:94:8C:87:CB:71:EF:CD:2A:1B:72:7A:9A:C0:45:2E:81:5F:61:E8:F1:35:2D:4E:EF:4F:26:97:13:EB:51:6A"}}},"request":{"raw":"GET /wp-content/plugins/jekoso-live-chat/assets/css/chat.css?ver=5.2.0.1766271720 HTTP/1.1\r\nHost: jekoso.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/gamer-struggles-android-windows/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 20 Dec 2025 23:18:22 GMT\r\nContent-Type: 
text/css\r\nLast-Modified: Sun, 14 Dec 2025 12:20:35 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"693eab93-217b\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8571,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"837446aee29e0b792585010bf0b5f914","sha1":"efbe9927a5906d936a240610bbc6014cc3ba997a","sha256":"00750df2d54b5d17c44b6a37442476d100fa3d6818ded8ee1922aab8c8c8eb3a","sha512":"ed1a9bde4a1bc1071b2dc6d6339d10c560fa9b2c8b75ef5260ae6fa25535d3e8cdd1bde99292f577e6f3c711b221e875ba07b5d22a08f8eb1e74cfdad08bd210","ssdeep":"192:+Y5Cj+QNFON9dpEOv/wT+MuSbbURTF3frdTEEQ4vH+ZYWkNu9Z6QY3n+kvB:+Y5Cr+msFPROCV","tlshash":"6102f222a3139202f097ea647f9bd78f7265d2039149667cbd911088cf8d1ec853ebf5","first_seen":"2025-12-20T23:19:01.074658Z","last_seen":"2025-12-20T23:19:01.074658Z","times_seen":1,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":42,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"jekoso.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sighhigherapprove.com/ff/9e/5b/ff9e5bb877fc80741d3358d9a4e22826.js","fqdn":"sighhigherapprove.com","domain":"sighhigherapprove.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:23.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sighhigherapprove.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 21:31:31 GMT","end":"Wed, 04 Feb 2026 21:31:30 GMT"},"fingerprint":{"sha1":"69:53:6D:9D:79:68:86:77:2D:27:FB:9E:D2:07:F7:1D:66:96:A9:9A","sha256":"12:EB:22:E2:31:96:89:64:7C:5F:FD:2C:B5:EB:B3:EC:EE:98:AE:C8:03:FD:54:0E:70:D3:B0:3F:D7:2C:9C:0B"}}},"request":{"raw":"GET /ff/9e/5b/ff9e5bb877fc80741d3358d9a4e22826.js HTTP/1.1\r\nHost: sighhigherapprove.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 20 Dec 2025 23:18:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30177\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 
2\r\nHost: sighhigherapprove.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c71805eec99bd6f7d47f19bd1bbb0341\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78779,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"9bc0c5d803a9fafe0246fd3a4bcdd935","sha1":"c6711d0ec7b33d3b05e29bf7d87bc1ad4ad2d4f7","sha256":"18a47fc5a6fc1cd2ec35ff7adfed70d3964c916e8a71da45451541434e104c85","sha512":"fd40985919e86cfaf2a912b1facbbac2be5da0bd9d3e532814cee2f50c8425d1373a377fabfd55cf75cb823c7da3633b3eb18c335fddeaef642a4340145ed5b2","ssdeep":"1536:H9yUBg8XFOUGtAVTesz3WArOwlNyBv77NzxpQ2jFFwTpjI8:H3B91copUhxpJwNI8","tlshash":"097309487f42b16b5352a073626fd047f0256f1261ecd498d123e6e86f6c33af636b98","first_seen":"2025-12-20T23:19:01.076005Z","last_seen":"2025-12-20T23:19:01.076005Z","times_seen":1,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"sighhigherapprove.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 
13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wD%2FYvQUHlLx%2FalJ2076QQPgGQyxx9wgwDOMJAIzCqJDYO5EGCrM0QNdm3Ah8A4sg0G4OwMhlCPWtPxL5aLExWIiUudVo5zm%2BUBALWtpw\"}]}\r\ncf-ray: 9b12dbd8ee2356b7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-04T17:41:38.125781Z","times_seen":1620,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":62,"dns":20,"connect":1,"send":0,"wait":494,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://jekoso.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://jekoso.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\npriority: u=3,i=?0\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, 
max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 0\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=miz0mnkb8VFMjr6D06Z1RFDeT3LNr2veDUOeVlxxo17Ymdh%2Fai3iaqD9tRaiVkrEIf04YGdg4SfH37MpNi0ZPsZyPLoeRLq6VKYHcfiq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b12dbdabd5356a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-04T17:41:38.125781Z","times_seen":1620,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\npriority: u=4,i=?0\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, 
max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 317959\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u8KI989aAt5bqO%2FM9X%2Bs4l3ff47%2F%2FWZ9ArndgiaWFcBRRWcf8Y3g4UWyVT%2BS3I%2FtxRDnb7oBvpSKuRr1UwHoTBurK2ZWH5E5OSuirJ7EZRo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b12dbdb69d60daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-04T17:41:38.136666Z","times_seen":1660,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://jekoso.com/gamer-struggles-android-windows/","date":"2025-12-20T23:18:25.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows 
NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Dec 2025 23:18:25 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\npriority: u=4,i=?0\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 6735797\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OGSJ9h0lpQpqKCmYup6RuCj4wgzcWKR0NFSiRdgEaTXb5HfPhLbbmxsi9YbidHTWf67qdEdrRban%2F%2BhfvoHK64XpezsodLt1LIt%2BhrZAph0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b12dbdb69d40daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, 
non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-04T17:41:38.106886Z","times_seen":3130,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":7,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-20","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}
