{"report_id":"479a4a39-e5b1-4155-95e7-632e4a35e50e","version":6,"status":"done","tags":[],"date":"2026-03-20T20:06:32Z","url":{"schema":"http","addr":"rytowin.gl","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":0,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"title":"Rytowin: Most Popular Online Crypto Casino Based on Blockchain","dom":{"size":1078239,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"0c8fcda7bf3fee064214c58d08224ff7","sha1":"f00316dfa84c2773b5e945090bcfd3bc03c6a45f","sha256":"d2aedd3903ea99c67aea5619e47254d84ec9c48aff7ce81e2e8d493a81cde271","sha512":"6ef33d2e0a8fe0f844c7b813f6b602ec18128ff3b5477a4fd7daeee1431e8364f6ecf71312fddb32ff7a3ed8a644aa12d3f0d6a90e258b46cd117631f9b9542f","ssdeep":"12288:NWJ24cvYrexWJ24cvYmSN87vIomx0wgH+vVKSN87vIomx0wgH+vVe6:s/cEeg/csNgvIh/VvNgvIh/Ve6","tlshash":"3435cfb963180af5f24997ddd9617c6832fa34ffbff18048d21a6e8601a999d4d0c8d3","dom_hash":"domhash37f10475e067e2e121f53ba537ba7191","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"rytowin.gl","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":0,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-24T20:06:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"rytowin.gl","ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"domain_registered":"2026-03-18","domain_rank":0,"first_seen":"2026-03-20T20:06:37.558324Z","last_seen":"2026-03-20T20:06:37.558324Z","alert_count":234,"request_count":78,"received_data":9369241,"sent_data":42012,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/57796.e45f39755a070442.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c24306889c066a0c6e45e5a719c217c8","sha1":"fcd9fec48774760225baf46e9b68349387190355","sha256":"54e16bb637371774001af0da9b7ef97c3ea54ed0a6d11d16a0fda0dea88b2cc1","sha512":"9447144ce13d74d63f080b3c10dafc8c0b37511d48498169ee13ab0f8bb21994e2f347f8d4deb66e92f9c409a1adfaec9636ab2a652de003415a7d10651ad7b3","ssdeep":"384:kuqCrrJ7sA6MdMuADbY/7lpbCWU4/RZRY+BJDnYDE0ycob034x3SUQXuzeAL6HxW:7F7sA6WXAInWg5rYMlYzyq4tYdlyBp","tlshash":"a7e2d70f430423b12b9212053f9e18dd772e916573128d5ab9ba916c334e9dab23bbd9","size":32589,"data":"","first_seen":"2026-03-07T05:32:19.77685Z","last_seen":"2026-04-26T09:09:06.237088Z","times_seen":1752,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"eeb148fc570d2378a9f4fb4cef9277e8","sha1":"f15bcc479e6192f1c27e2c50e9957c34d69e1dc6","sha256":"28e0352c26286fc5b9430539a76f6e36d0f8ade3679fef2b830ed3805fb8b690","sha512":"0d5e4e9dc24973836af109e4586ee36dfa759ed54863e94049c0c21323043a57cc61354a7d5016b098e269eaabf1fe4be8e76ac9b487c6fe54177f0e396d92c5","ssdeep":"96:XZ8Q2TeV9GCuyzz3qZqCLXx29Hn5G9UV3aQ+7XCrUBTCUBTVy19GCOsY89GC4b6:p8Q2TeCtiz3Xqx29o92d+7XCrUIUvV3g","tlshash":"70c1a5b7b6c5fdb2565688d088378207ba503d37205fb480a7facce53169dca44d1f8a","size":5634,"data":"","first_seen":"2025-09-26T22:32:24.049018Z","last_seen":"2026-04-26T09:09:06.250815Z","times_seen":8687,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/58733-c5eff74fea05461f.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"608213cbae5946f55bcf6e3e236643d8","sha1":"e6181592f15a748e4b0e3a86966dc1cfb5d508e5","sha256":"dbbc5742780c4bcf13e1aa6afe878f0beb77154dda969c40b074b762a7afbbdc","sha512":"22e77044234d9e0b1b4cfa606b0cb04a83d7492edd1392a1880a984adbc4742f98397845f91d4a09f49e0ff4be85d190e7857113b818a5125c39ecd965504cc5","ssdeep":"384:7ry4eoKi6rba2BN4eofEPu2jQi/Q8nTREBJ6F5ACxKv82wfLba2B44eowGJdba22:7DHiG2Bkeu2ZQ8T6BJ6F5ENwDG2BZhJ8","tlshash":"498286e5e3ca73d0e10af7e44116943c3b6b21fe2b36cf584b9badb0a61549c654adc0","size":18872,"data":"","first_seen":"2025-12-05T05:01:35.743711Z","last_seen":"2026-04-26T09:09:06.252399Z","times_seen":8099,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/92148-6f19ac7166461fa8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c6501be806cf1fdae07f7147e6e32ed9","sha1":"b46315e1e07d5c32e6f2185e25c453902013fa4c","sha256":"e897f0138e8011ec20fdf4ac0b924c9d3edcae74328a9700f502563b25897bd3","sha512":"9fb4560bfb3491d7afc719f71260e56dc3a2bf71d2c1104251901c02eaf7a2d0a9d249d90b51e3831ce7b66e7ef81603dcee6c97900ffcffc51b8e244493e1d9","ssdeep":"384:DLZQxW+19Vd6J4FU0Zs1Th/ndpRqgG4gjbI3/ovs2GK/sYp3wm7GjUWybgAKJ7r2:JQE+buJZ0y15dpRk4y+gt7/sml7GAFsg","tlshash":"b482d89da3e6a5e8f003e3f8835bd8353aa72df57912cc145beaac21d51109cb4a5cc7","size":18801,"data":"","first_seen":"2025-11-16T06:53:31.12293Z","last_seen":"2026-04-26T09:09:06.221056Z","times_seen":8184,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/73943-99a3b94d23820956.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"512c4da4d156f93b7d29d8340ada3158","sha1":"082c1a240f637c6f5330486ab255cb8473ee6dd1","sha256":"daae7abd463eebc16d588ec59026a628980aa1fc881543acfef0e7cd9e60c83c","sha512":"cf33d105d2d572573799bb4a268c2b559283c358228acdf978ee5f8a930040462aa8badbfa4cd2ba3847704db49a98822438013ee13731924f2d12ef3ad37651","ssdeep":"768:TIpoCFrHcJfP4gFxZePqxkKZoesmsb4xvH+k+BtJ+cIDGQwJ9IEH6HxHRzZASR/0:TDLhZLD+tPIRA","tlshash":"474383dd4bb019cd6dc49ae9bf0600bc363e92bab069882ced4d4d3850458d9fe1bbd5","size":55279,"data":"","first_seen":"2025-11-16T06:53:31.11087Z","last_seen":"2026-04-12T21:07:54.990652Z","times_seen":5009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d4f58df8ef556437633bb90cc31469c4","sha1":"c1c713bb5046a54cb79a8e7537b6d7fca624fd45","sha256":"2dcb2e50c883929aebb7a64a7a22cfe2260d856a3c36a6926c082da19c552b7b","sha512":"54c8a79f5897cd198db689700c24f950ad7fe19eed815f8bfa0e47428701d8c84a1fd8f677a6f1b2a4f1443f35f2dbd19e6f456ceeebfb1c59275bb356e1a5e9","ssdeep":"","tlshash":"bfc02b041427c47b421c6f4dc02243d4e4b020bcdc492480801d181800d0c313b40cd6","size":130,"data":"","first_seen":"2025-03-25T18:26:20.414558Z","last_seen":"2026-04-26T09:01:22.329719Z","times_seen":26714,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a6e1178e4bbf5730bd664a49dd3bc24","sha1":"17c3ae3273f9de6afbbdedf2e413dbb3a6722792","sha256":"3814cddd18b2095e01abb745a99e5ada90178e709c09879324c3b623f2d829ea","sha512":"cfb1aab0bf589e33fd12906f448ddbbf7163420a088de513b174304c9ba3a7abcd9b41c98bc4dd51edd0206c1fe4660db9857e3c6163d1bf50c670cefddee509","ssdeep":"","tlshash":"de9002b090c39c5890264186687100160b6c040c01080141132184d810115048e40d8e","size":43,"data":"","first_seen":"2023-03-13T01:07:12Z","last_seen":"2026-04-26T09:02:55.893705Z","times_seen":101230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/39801.084c1265ceab40f6.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"938a092ea2cdcaeae93ee6b6fd784f5d","sha1":"204510eb11b94c92302c6c311741622a1b09ed72","sha256":"7ed47e76a0f733ab1ebaf59b88ef5d3a6a671bf8c1af48ec74cd9cf01377fc7d","sha512":"e30fe668cf899f5e6aa789cbcd1cba95248be44ec02966e22bcb4cef06200e6d8c5fd243415b0d30cf697572bf5ea6b0d51a7142fa45ccdeac9678688efa8a48","ssdeep":"3072:pRrcfJstYNwTXVN16F+ZbBiliiyXnbAlHq:ostY5GAGbAQ","tlshash":"b9b3f80f420813f22f921202369f69deb72f515563668d6578edd03c234e9e9a23bbdd","size":108722,"data":"","first_seen":"2026-03-07T05:32:19.784979Z","last_seen":"2026-04-26T07:30:40.281628Z","times_seen":1406,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/44638-22642ed4434648b0.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d0cfae03cd8f321178546f3d44bdf0b","sha1":"d952755162717e7ffadd30a573f4691a19b643c4","sha256":"a80e2f887fe98f5dd1f607d951147f5de620031519c6419ed1fb86e7b6621686","sha512":"56bf305f3b03e0fe79351d4cbfe166bc57557cdd91f72f22b3e967109e1a6f898528a59e5277c857fb69b465ddefaad1e500469821adc64dd225d1ada5986532","ssdeep":"192:e2weKRHbhH/3MO/Y0HURLDJYvYgcn/rNfI21OYR5ZAGPnSwpgy4jdzhJvkC05:/wd/MRLDJGAnjNfF1NVSJZ9y","tlshash":"00123c90b150797613678a62e1ff0706b33b845a5c1f84acb5b488456771e8e01fff9e","size":9855,"data":"","first_seen":"2026-03-07T05:32:19.773264Z","last_seen":"2026-04-26T09:09:06.232286Z","times_seen":1798,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/dc112a36-4dd9553e3950a789.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b0312e3e2ff7226227ee081f6693db1","sha1":"823c7003795d9623f8992900a6f337f599bb7eda","sha256":"dccd0125f7ca7c6c5f3f8ae7d813743257cb55899fcab2d63b70fdf06b2a05e2","sha512":"612eb966b9409ee719588a9f82170d4d6c9b5c075b85981a1ac0dc0fb8119997de7f6a139ba2908d7ccfe0ab342f452e39ca15ec3d9fafdc1c2a7d36cda06d87","ssdeep":"3072:Hbyz4KjrqQmINGbpJGDc0Lf1c/X6Rpbdt0myoQj7sOU1IMi9wD5yojt:HijOQmINGbpJGDc0Lf1c/qD0erI5BEt","tlshash":"295419597254343805c540a9906f094bf736292e246ac49cb36cf4efa8bdecd31beb79","size":305838,"data":"","first_seen":"2025-07-19T01:07:13.417114Z","last_seen":"2026-04-26T09:09:06.223839Z","times_seen":8735,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d04ae2c8ac9e17585c07cfd56d6ec10b","sha1":"040cf2c07b00590472a2b10286841a2ca64e14ee","sha256":"d3b01f8639a79ef59535d83b4631402cdc4f5c4ff15e57801b3471a40584e990","sha512":"ef346bf5d3655fb36f5621eb86bfc27454bcdb2c8e724967fb5d6c63b02a506f9903bb82e88ef614bb72b4e5306f8483a43fa1eabf66f4a05f99b48168ce1a26","ssdeep":"","tlshash":"1241520f7149e8963cb6de1b55332f36988ddcb74239e168e60de9ab064297f830c951","size":2246,"data":"","first_seen":"2026-03-16T20:04:49.25595Z","last_seen":"2026-03-31T20:11:27.507089Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9e4f730d96dd782ea409300ba4fa1724","sha1":"e3c181ba37dce98b6628181d548fceab9f1bd299","sha256":"d2c84e700577a0dc31a0bd43dad2b0d23769060ceff2820c1fc1bb5744f1758f","sha512":"df08635e14151fd6a0c6459bb3b07f47b98bf9c9d3ebb3f7f5ae293803227694620d3588eda6d676ca44637bf56543b626083579ec0471ac972185c240071670","ssdeep":"","tlshash":"6501a25ef455f85569718d2b043b1f25d48cc97b837c906ce28ce9eb415297e0348dc1","size":685,"data":"","first_seen":"2026-03-16T20:04:49.257413Z","last_seen":"2026-03-28T06:42:48.083774Z","times_seen":123,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c5c4f347d420631e67bb5085eea4b2b2","sha1":"058f6529a90c7adf8a71c2c0f14cc0154ab66ab7","sha256":"ec3808a4c989594493da9b120a5b4f493426395e2139ba59ffc179b0cf2a32db","sha512":"265cac8bbba0512eadf0841327f7450d027c64790595978997e25eb17084a85418a241e6cc54905d789ed1dd9621ef2d6547e148fb2cdc17f6f570ced0ffe4f1","ssdeep":"48:LZaoxbtVoWnnBn6V0G4cBC/lyUnBn6N/y2zp75LBmYEV8bNG4NOb:L4MrBmH4LEa8/zp17EV+44U","tlshash":"4891e21e6805cd0bdc7e7d69023e9d36a0cdce7b47619af4818ecf581a0a47527edc91","size":4210,"data":"","first_seen":"2026-03-20T09:19:20.790785Z","last_seen":"2026-03-28T06:42:48.085209Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/verifyjs","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"719ed636d0db40e55434c2b18f007bb5","sha1":"c846045f3be1bf66e3156f9308c0d770c23dbbf4","sha256":"89c20602a1a578f50827fa385668b3429f2fef224fbfc6d0a99d7008e437c5e6","sha512":"cd89dfdf621b4ebdcc08ba466c1b4cef842e89cbd3a0c13ed42b2da962f23c630d6070e245b7e2e14ead8b93b379235f575d6dbcdc02650ae3f82dc27763f428","ssdeep":"3072:d3iH592QSLlV1m1uIo3xMI7s6iEatghQmrVGpTZ3APxl:4Z9sVgkIoBMI7s6fhQmrVGNZ3y","tlshash":"4604978129ced10c82e2daa642373bc9e8855c2d8b461cfbbe0af2cde55c453b1f7594","size":188930,"data":"","first_seen":"2026-02-28T19:09:18.176997Z","last_seen":"2026-03-24T20:06:06.307272Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/main-app-fef4a8898ec7782a.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c06acc17c28c2888a1a2466b0a0d12d8","sha1":"63d7278ad805cf6b27e6fb76daee100f7cc61afc","sha256":"90a949795e63ad10200d2f57df2706979fd66bd412caea2130a9c707e21c5d5b","sha512":"745f5cba8c1f8c006b2d9a1f8ec15fe3e66d7909766f446755243e1b63aa4d611233d9fa175bc9001bcbce4a4a782e79feb80846ba96f394b38c1ed2b1f3c2bc","ssdeep":"","tlshash":"f5f0fba55f0df42f5d266e74fd97ace2184f4275206b4e647d01dda23c67b6cd260408","size":537,"data":"","first_seen":"2025-09-13T11:18:32.65005Z","last_seen":"2026-04-26T09:09:06.254694Z","times_seen":8728,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/not-found-fc9e14ca8a12ea1e.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"513754cfa2d91f1f4ec59f666e8e64f1","sha1":"e7c65abc2aba2a3b2a34ca6c818188dd6dee9d16","sha256":"caeb37f0127a0aa35cb44554fe861ad9f79f13b433a04e4ea1836634df96d2a4","sha512":"37d0d55820bad028c997def5d851dfb42121d285462bc8952db7b1182ea060a0a0f4ea6a3fe546a78d8f2ea423f307b305ec0c69ceea3cf14e801159bd669e75","ssdeep":"1536:k8cwg5kif2aMaiR6HKf0x0XEdw/BvD7/a9yOAS:mdw/0","tlshash":"3c4374ed5bb009cda88896ea7f0610bc373e41bab46d8928ed0d5d38a0418d5fe17fd5","size":57585,"data":"","first_seen":"2026-03-07T05:32:19.76343Z","last_seen":"2026-04-13T14:07:52.366565Z","times_seen":1120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/34230-e87c8d35c9fa1ab6.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9b4900ae7910372c39f90a4ebc702603","sha1":"9a24a588c269ce9c3f57345c32fc19f6681dbc0b","sha256":"09f6962b4e78defeacf0013f19bf739d5427801904333b19f9ab4cf541db3440","sha512":"4a02c00c407ec0eee649e22031775550a2e27fd675d23235783ec11d04efda2480a219e318fbba5739af05b0bd575f5d6d94a5a5dd2db29a03b891b9ba3069d4","ssdeep":"384:05ae/t9qDM109qxJ7aPk9RqKIyoIPzM73I/AKIJ1L/7E48z/08zXvnL5/Tz7qt5V:veVwDM10wxJMKIKIy6IzIj/9KcKN/POB","tlshash":"b5a272c9a390993d2583c53fc635b426e2bf09fa753e534062a9c63df909cc4e7365a8","size":23047,"data":"","first_seen":"2025-10-16T04:05:32.834372Z","last_seen":"2026-04-26T09:09:06.251597Z","times_seen":8610,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/53090-a64743b05c92b22e.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"15925877203605d5f2355beb36d57347","sha1":"17da103edacb7e181adbf9304938d039a200c1d7","sha256":"a986f72fb7dc330235296b864ba0f244f1126b2eff777b8a13ae36875dc96157","sha512":"ad516778c2e0dcaa482b03f5ab7a44fea87ce340ae85aba921277db245d9e6c5a49f70a27eeb99b6bef662c873647590edc83e75c63116c4e456045245b91568","ssdeep":"384:hC/SLOZgztFl6pfisYkxdZEAXtwdt4DvWmV9PvTLsb6r7/:Y/SCZ4Fl6pfisYyZEhdt4yIWbU/","tlshash":"0862c6e0d362fad8ed6785d5f12ea906b11f2f988b19c074f6b85c2053181c4ba27b9d","size":15666,"data":"","first_seen":"2025-10-16T04:05:32.826709Z","last_seen":"2026-04-26T07:30:40.251005Z","times_seen":6718,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/67369-222f9a02bd61134d.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2d0f562c7d0aa123fc3b9110ba41409","sha1":"f8bb86ad9fcaaa9e6ba32d21119269d241b07992","sha256":"d814d64b251229e3895cc3d5c3c489f46e7a104b067562ca5512cfb197a2c9fa","sha512":"8b59f7093d20c00b2f06ef065a8429b308c7e09c88ac86f78afe14cf0fdf667b6c3e9b87153d14b690112863830a4ce309b2a88d55eb5f665aaca41133a7b57b","ssdeep":"24576:sNgvIh/V45VPyzLW3fx2/cp6lKxivBIVV/7x6XomFnoMBnxBqym/cpXlKxUvBIVh:V4G5q3/eIGYo6Ymk/eVGGo6YmC4MOqZ","tlshash":"a636931c8b6601fdaf586d81ca4770658fe286536fd789fc9abb7e104bb069f0301e61","size":4883419,"data":"","first_seen":"2025-12-13T06:46:52.602302Z","last_seen":"2026-04-26T09:09:06.265803Z","times_seen":7709,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"15510eac41ab1d5ef4d07adf66470336","sha1":"af7eb0a2168918b5999e83b71a10ba52809f38df","sha256":"e5b9e2570593ab1e59ae6a397baec8491e4c3d5e4628aa1439940ac0e2aee2fe","sha512":"116e3ef82cb1608f729f9731bf3ba61a1a75624fec0adf57d0536e5f7e1abae6c939e93af5bbde399079cc1634b5ffda250a76f08571d2e30c88eceecd05b22a","ssdeep":"3072:btfjLiM+NFCC4YQbCCAaI/02UHCgwLRE4:btfj2ld4Y40fUHQRE4","tlshash":"0df3f7e83d99e2116eb342a7109f2803737c262b240d4c60a615fd9db5b845bb17bfde","size":168420,"data":"","first_seen":"2025-06-09T17:09:55.347659Z","last_seen":"2026-04-26T09:09:06.218416Z","times_seen":8746,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/56060-72611dc1ca384f99.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6685f1c3cdf6f0d1227ab2b5af23a056","sha1":"491d91380ba5da6dcd5027bd954e6fe11103b18b","sha256":"237ff25124f0ca73e06c9e1d59caadd016273fa9b5b6bf211c991cc8d34d1b92","sha512":"6667f2ba323afce441aa6e23fdcb8504dfeda05286da37d594827c605042ba88ddd7bc5c6ec9565109d4a0ad4ddc9f8cdde4ca22cbb9eb8122b85ba04bf1d0b2","ssdeep":"192:/ztywjuim2pZQizyySL4tLg6SpiQhQ+YmzSRAz21OfsuAAuaSXCfb+e:/z9juim2xWySL4W6STYmzSRA61gEC5","tlshash":"4622ea847260793e1547866fd1be5516f27a292e382ed25433b9c83cfd21ac85336bec","size":10031,"data":"","first_seen":"2025-10-16T04:05:32.850927Z","last_seen":"2026-04-26T09:09:06.207212Z","times_seen":8649,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/fbq.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b834c87557376668b3c3fde729a8db5","sha1":"872448d973ce02e75d52b31641d961601167d04c","sha256":"cc63b490224b081fc3bef6a696dc3ecbe7ea7bd45df00c8a53cfe304e7bd5469","sha512":"1c40528c95bf8c5d60ebf3dba6df8ca43390e5239ea50ef08705e547c48635a1f399f2f9d7207b4575822d2ce3dfd6e2b7ef7ee3b431255837cf2545ea5ed4c5","ssdeep":"","tlshash":"e7e0619f2c43b42733e97639c727a67b3763070178c2d919ba05c8151fe08966c96d9f","size":408,"data":"","first_seen":"2025-03-19T10:41:28.92776Z","last_seen":"2026-04-26T09:09:06.255375Z","times_seen":10549,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"2512414f817df8312569d55032748f81","sha1":"13467df6e962aa77bb36867ff1412e1ba9f8feb1","sha256":"e193735f8d500f10e2cdc6a94f5a43fb0257c1e2f8afc10fa04f0e3761d258de","sha512":"db6e4298746d519b0987bfa0feb89c39315718e178418e482b1c10c76439eae343afabf2db35ffaaa26c7ee6a3855084d39e9b88d35b11f87c354ceaf38874a0","ssdeep":"","tlshash":"a590029525c25101965295d4455b5c8450658675249569809180956259550205125cbc","size":47,"data":"","first_seen":"2023-04-11T22:25:25Z","last_seen":"2026-04-26T07:36:39.77066Z","times_seen":19918,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-26T09:03:31.522315Z","times_seen":627791,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/53069-bc2f18ad589424b8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"107cb75a0c53987a209e2e7a8951b55a","sha1":"e8f418769d1d1f2858e2962b291b49ef960e6026","sha256":"34a6db6410f88a7b41716feb828d1982400a702e115250fdb6cbd3a5a618390d","sha512":"325008b525fb11dd0404a45ff42c54c4fce64f5abbc62231131f00fe7053ee9b626f32a7c63b1cfcd26b04ae6b65a99e93b0df665d9a992664c4766827b580a8","ssdeep":"768:9VFYbMnfiNkuGxL2umLBbPEOSQ7Lhkd+0xiFxVuxMgCIw/A33SUYq31kBVVLLEhx:TniNkDe52eh/oVkZL9DxFW0MSdUTB","tlshash":"42131a88633593e8f1c065f8d217649cfeae6aa4e741c470d3b16d11a0c78dc7a66ec7","size":44317,"data":"","first_seen":"2026-02-17T15:04:52.286204Z","last_seen":"2026-04-25T09:06:41.0215Z","times_seen":1300,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/(landing)/page-e7fe8e8ad23b29ea.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"57ab5207f165097bf8048ff6ac58edd9","sha1":"5f1984f30e565b7d20527c75b9f8ac7228c661fb","sha256":"712998b4d267cbd541235b2f83cf08c24dbe90f6ecbd63636429ea99eaaa9bb4","sha512":"c1b7cdf3de51f6ad8c3c614350677263fa34f09c817c85911fae9c77d2352de18283a80c30201e456c8e8d9a84fe9182f96b773e5f99c218beafaa0f1b4e99a1","ssdeep":"384:+Saddq55XGydqhFoSObqu7zYOJV56Gchz:+Sqk5WWWoSObqQJV56hz","tlshash":"c262a741e254daacf45394adc32ea03d326f2599d65e8570f8fd9c3461094c8fb2bbac","size":15196,"data":"","first_seen":"2026-03-07T05:32:19.748Z","last_seen":"2026-04-13T14:07:11.587471Z","times_seen":656,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/31684-5738d0dfaad74be8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"338198f53e9ab0bb77a7fc2f057a8540","sha1":"78e8deb3e3e2703d617dfbcbfca2e893eb3cee92","sha256":"d3844f2db215d099728ef83a3b5cb3cb82279b669b231f54d2cdbbd958949f1d","sha512":"62ba9ce051e6974c6c74745a4ce6b49badc145041893b048ef42f09f979d0e579928ff78b7aa8abe587c73799a890c26703566918003494a9d1a3062ac019889","ssdeep":"1536:3Hk+1qVc+dJWgclHHlU0ob8OeM8aZLoEAEuRaQ3aTcXH10nZ6XEL4ZXEoFUOnN/e:VqW+dJW9QAMiEuV36XZmUON/e","tlshash":"8b04b8b676d0f89107a780d5843b400af3395c3b146f74a0a3e6cce975645dea1b3faa","size":176077,"data":"","first_seen":"2025-12-07T14:40:32.389468Z","last_seen":"2026-04-26T09:09:06.226233Z","times_seen":8130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/twq.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f4d9e824f13f7d27acdc868f36f7208","sha1":"125a712d37aefe5d3e52ce2ae8986e109eb473de","sha256":"d6768cdba372d919e6d9322bf3cf3a0dfe427d86293aaf16f23d096028a00a1a","sha512":"d6395459961f34c3efc4c55ffa6bd873fbf20cf9aab17d31ec926d7ff645cfb9ae0cfea469b98e0604c5de162b60eb1bfc7b06a6fe91e3497f3a4fb32d29c20a","ssdeep":"","tlshash":"66e0e7f12d093d631fa11374117f931f3143210575595b91d59cd540376249f8037b8c","size":308,"data":"","first_seen":"2025-03-19T10:41:28.935479Z","last_seen":"2026-04-26T09:09:06.214141Z","times_seen":10541,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/51096.d5d2efd398115952.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3c132e70a3cf169a2eca9d5a55ebabe","sha1":"b4ca48271ad20555f17c11a3e9b0acd351771222","sha256":"a756eb284f53f6210c994a6890be5af55389875c0baf7789c9bc5e555bb69f5c","sha512":"e24b666010f17d7bb5c49ca0686faf3670ebb34d1139918c87b98e22274e9951a46fc21dfad095ca07f6775ef978e8640f3b16f237dd7aac4f35cec9147476a9","ssdeep":"768:bt7hsk89UGTrNgELQFENRIP4TVNUuXCEth:bt9sk89lTxTQ4IP4JauXph","tlshash":"41f2d80f460c22f13b9711423e9e1add776d65147712c87db9aa816d338c8d9a23bbec","size":35333,"data":"","first_seen":"2026-03-07T05:32:19.757389Z","last_seen":"2026-04-26T09:09:06.256056Z","times_seen":1755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"8a790b9082e3322401ea0f00805cbd8d","sha1":"f2deb7a191c0187b65516091b9ea6f2015c4cefd","sha256":"d4f88cfb3225b90e42942c0e9296aa5d16394a6ab8bb24278c55271c3288d628","sha512":"e00677ab35847e442a90f8c1f25616ba7852a62fe7e4dd21069a4b70a8e70f56f371b57f6af4e320da7e3f43327a739c33d8a6fe195f4a59167c3516ef7e6d9f","ssdeep":"3072:ll+QcznqLi2ktXYO7s6iEK56W6QorVGlbrfAPZN:l0zq22k1YO7s6RW6QorVGprfK","tlshash":"880486812ace514c82e6d2e2522733c9e8855c2d8b465dffbe0af2cde95c843b1f7594","size":185641,"data":"","first_seen":"2026-02-13T17:42:20.359964Z","last_seen":"2026-03-29T04:31:50.527617Z","times_seen":593,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/layout-414e3e65ac0c109b.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3733ec17ec7ac052663bbaff6f9be56f","sha1":"675df33bdc098f2124a4720e5e220c6461765bfc","sha256":"a436c6d41a0f8c975ac3045afbfb4528489f1289bd2dd41068b5a0cb216b2be9","sha512":"9133a2e5a3c78c63b2b31c1c0316b31f9fb82cbfab537b0f82abe77ed5a844721e4da4ef459e4ac1aba6a46a0b18e0120b19a36e1a3064f03aa3f6acfc30b209","ssdeep":"192:lTUQUBoSCqdopNRDvf31/wZbMdyeTJzTF5zb6:lTXUycsNloDeTJzTTm","tlshash":"4022c711b484fcad0be3c49c9cafca08d16e1b16d8a8847f9f1dd62910b295df175b17","size":10496,"data":"","first_seen":"2026-03-20T20:06:42.400192Z","last_seen":"2026-03-20T20:43:47.490433Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/58211-d9d578b8de9e3293.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7d84948f8ca0ff495e7533d0969b670","sha1":"3330c776cfbb7ea04d30b89a9686eaea35f24747","sha256":"2180eecb87df810a0f91771ce87e9c4f6e185e9011d00147eef0ca9c7ed750c1","sha512":"04a5f0711a52dd8bcfe0ea6d66662ed5e0a8610c8caffe461a8c8178f8f40e55b4c40c7ea11716a7dce1631534f5e22f9c5d86393e31835bcc686e4aa6254c85","ssdeep":"768:01KE8vZ7HInPlFvvb5AvexGRrxVP1fr4UK1fWbqYsCL1fZnK+jBV9YCO:0voWV","tlshash":"f20399866740a83d2587c16fd63a6415f3bf14ebb92f9390219aca3cf506dc0f5365e8","size":39725,"data":"","first_seen":"2025-10-16T04:05:32.927959Z","last_seen":"2026-04-26T09:09:06.24712Z","times_seen":8612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/84382-b5a32f8f614a1dd6.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae82c1b42e03b3cf5387819a72746108","sha1":"a975c21a07b32068336ac05f0cfb618c798702e6","sha256":"edd825dc79ca6bda7fe713c540b1c84220ed1b1179febc6561982bd67e4b87f5","sha512":"b22859d19aeab0a4e096d3ac82ab61ae63f7584e5fbf1a887184ad7f60ebde8d05de34bcafce734f68583641a988d984b3de48409eeb39801f139f9c0ed6ddec","ssdeep":"768:6tA0oDr6QoSIN1MYgecH4E6+GykBw8wzVBS0aiBI9scuenXRfDlK:6tXoDGQON1MzekDl8wzCBKgn5RK","tlshash":"e323c509c9c9dbf14bbe6fbcd5a9d1c7e63733a960722ddaa751c8a0074528c712092f","size":45883,"data":"","first_seen":"2026-03-20T20:06:42.387202Z","last_seen":"2026-03-20T20:43:47.552244Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/73345-c6c417d67f761339.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb597de485c3029dc93b6f3225acc0d7","sha1":"d3a6bc9d6749ea9f0ddd1b1862c90303f3ec3254","sha256":"3513d69dd757c29044eb92ab6a908ba6755e0845c38105ab2e196b0c75b96583","sha512":"1420716788ac11ed76547147942bdf2329c1bcfe8770745c3bbce32f99ca5c5866e20253ced9e0ebc4597003f7404825de2b601f8d24b5c2fce1125eadf0ad63","ssdeep":"6144:bV5sFqdfuGDdF0pL8sS65eILs3QKQmiOB0lDz:bispi9mVB0lP","tlshash":"ef644a9c7682b474939b016a807f0107f37e2d57240e4824f270d9ee7975e99a2b7fb8","size":325834,"data":"","first_seen":"2025-10-16T04:05:32.880573Z","last_seen":"2026-04-26T09:09:06.227053Z","times_seen":8646,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ea234252cf1b2b586dc3769b37731f4","sha1":"8c7da62134c910ecd2109f07c52fc5efc49c1bdf","sha256":"f3969143ccfd1630eb2125e22ae9498f34a160a82856948fb0b413aaf0485844","sha512":"090555a54b1438d84fd8a7e4623d5c5014da7d9fdf385f780fc7922aa2914b2e4d74bbf38f9a46cbaf13bc26575bed2b6d1017ea885c75fb3cd4fc5c5cbb5d31","ssdeep":"","tlshash":"ead05e29a044dda6ec2e7956183dbe3b209d608f4498dea466c4ce284992a3a3342dd6","size":252,"data":"","first_seen":"2025-07-07T02:40:27.405169Z","last_seen":"2026-04-26T09:09:06.26717Z","times_seen":8257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/63712-08d55a4030f898f7.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"614fe7514839a09db165d48ad01da840","sha1":"e492263f454db98a8cc2c89c777e5572e854e343","sha256":"4974bda3ce7194ae592697daaccd424e6e8e231bf15187182bf4d16522e9bffb","sha512":"7eee15e6bce48c5b1adfc53ecfd7492109fa6272d866622f055b91ccc80e8bb4e9fdc350413cf4282d6b85b13fa72188cc51445cf6eafb6167d149ad45af1b8d","ssdeep":"384:RSHQzwzI46bFWDyhQ1qqo5W6m4WIQgn1fy4GaQANJVOPe4+snOcT34McbAmrh/2:/dZsunDqNs/AFD","tlshash":"1aa2b449b9d1f47453a3aa51843f440bf2674ea8a05db8d8d367c9e5adb888e4073f3c","size":22721,"data":"","first_seen":"2025-09-13T11:18:32.286663Z","last_seen":"2026-04-26T09:09:06.23898Z","times_seen":8678,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/58172-2e2ad5efca352ade.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9784916761bd2bbc76012952021d42d","sha1":"253cf85cec6b9a53b449d758e2d542a9a182bc23","sha256":"c0b7563919543117a0168d95e03a8812821df1f79a8bf094dadda24536660d92","sha512":"54d0abe66c6ec80868c406f1838ff8760bcae6758bd406c57e29d3ae842812ffb81cb315706c46e5d6a26e8bb80c7b1fc2787d02e360d635ebf22aad6c3c7431","ssdeep":"384:H74ml/FeOUGcg70p+tlof7VCEv/f2rVdVOmo778U/eWJV+o6:b4mldXUGZ0p+tl8VCEv32rVPOmg8UWWo","tlshash":"cb62a6d12b10495d3583ce7aca363929f2ef69ba393d57401168cb3cfd18ad4e6361e8","size":15156,"data":"","first_seen":"2025-09-13T11:18:32.621492Z","last_seen":"2026-04-26T09:09:06.244838Z","times_seen":8681,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/36860-0a9464d566324679.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ebed528d50f9e0657df76bf19dbe2ebf","sha1":"a745c8cac0f897a2e288bc643ba629bb89df2609","sha256":"f4ff2580f3ef611ca05990dcb937f89c700e24833b675e4039f569f79cc4da76","sha512":"8d0b8b70fcb7c71739ed7ed80ac98ec09aeaa478324288358e4c3f9622198dff8ed0d43a17e35e02c00537fe4d11c8d68a1fc9a60548aece0b1489ef3d3da6fd","ssdeep":"384:5mkM82Xy7PBRB7/z06STNN8txdOTTpPNUp0icpUAHEvDBUgf99Kxe2/KtyTnVfdA:UkU2fzuT778bwq5mL7TY","tlshash":"8092492b68365877a6d7bc748cae504c596fd24ba329089e773cef7404871ac394b3c9","size":19669,"data":"","first_seen":"2026-02-06T03:10:14.100987Z","last_seen":"2026-04-26T09:09:06.247997Z","times_seen":5207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/53331-cafd9ec77f422f5b.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ffc2a9646f640ee24bec96371d8896d5","sha1":"43fb84011d63dd3ee53c4c5a6ed7bee651bc780b","sha256":"ee75b3f83f6bb1fe59b15f18a040463973036c403110a597b3e77b659b240fc9","sha512":"19765f02ce6babd708e5a582fce2a697188168486b56c78f66d75c7ad4d29e02371f839d2b967fa8094e949f2fa6de2e478d24e24b3150f0eb404dcef6fe63f6","ssdeep":"384:/bEM6MGSQhbWOoOSQ6b82p7X4WsIBcf9CkSfA9CM3ORBq5T25iaTuJ8jFNDtv/LO:/L67hSOoe6h7X4WsIBu9CkoA9CM3OTq1","tlshash":"63b2d7e993f4b6e0a006e3f8d607a8793a6e19fd7b32c95893d95c20c5910dc266ddc3","size":23606,"data":"","first_seen":"2025-09-13T11:18:32.113392Z","last_seen":"2026-04-26T09:09:06.253144Z","times_seen":8670,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"336ecd728aed34847fe284a71a7633c8","sha1":"a44bbef2d7c610fac04b162558fbf8067bbf19c1","sha256":"298a83badcb2a2143eb6a35e2e5a3c9434d72df7ed059affe563666e94be8d49","sha512":"da1c0a1f4eca0e9698dd2642bdca47431095ccbed7fae407b56425b390c721fe7f16beee5fbd6b09d5655f1aede3cc59b123a51ff7818eec82daea4e2a286e8a","ssdeep":"","tlshash":"f2800470c4400c15c031545334747105017d400d000007005350d74450531055d07dcf","size":34,"data":"","first_seen":"2023-10-13T21:48:36Z","last_seen":"2026-04-26T09:09:06.267911Z","times_seen":9043,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6e40895f7fb0de70293369d8a10140dd","sha1":"93abebd7b0c60f5caa53a7e548b8974e81f3457c","sha256":"226dfb7ba8f5754d074dc64989ceb6bdb461f2f73bf0007a79a0aec7c92fe3ed","sha512":"94da220f08824723ff91b69d41c18fd55133919d6874e33f6cefcaf4b5c34b7b90fee566deb0dbdef95e51bdb3435a552f4730a11e21cce57da2bdfc16f97e2f","ssdeep":"","tlshash":"03d02b91dc13dc0dc3970f25183f1c3d31cec6641205924be884c97c5981e3409f0dc6","size":277,"data":"","first_seen":"2025-12-05T05:01:35.766262Z","last_seen":"2026-04-26T01:57:22.070966Z","times_seen":6109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"61b3a595565198fcc39d51336bb4997d","sha1":"351166c56e97ba039f34d689d083346239ecec05","sha256":"750f1a4884055be839e41310aaaf543855d05ee9f0e740305be93aa6044fa75b","sha512":"1c854b1ef1fc23c10a8389b2fa91d18a82721fb97c42cc5949b665c5fc4ebd77567fcd9933ddadc0f712633a3e3fa3496bed1066fc228af0690f4b322850bf99","ssdeep":"","tlshash":"88f0d373ac10ea0286b59f182879cc6430cc892a42601b99af74cd6f159e17dddb2d91","size":630,"data":"","first_seen":"2026-03-20T20:06:42.424255Z","last_seen":"2026-03-20T20:43:47.569739Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/webpack-9a1cb9ad4f56614d.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a18799109d5281e52770680865fe8689","sha1":"40541826d1f4ac7ac1f482a5e0c646328561482b","sha256":"a9bb31a0a79205ff217ee96229de19a6acb53126d24664c2ee04cda428422939","sha512":"5a7129ec973cf372ce8e5cb99e8ec8ef2e7de1b9ecd9676b396400e5a7f15211964337cad52084dfdce8b68119cb557190a6cbbea1181c116af46373abfb931b","ssdeep":"384:Efjp7DiavHhyIN48SiQ50iatLzUqzBuprDAwLq9g2r72GHZ7WRRfKDkKst:40avUIq8S1/atLw11DAy4g2r7JZ7QfKO","tlshash":"1d925cfd731cecea2d3005c2ac1764a4660871227d0a4cd1b1dae77644b6db5a726fb2","size":19851,"data":"","first_seen":"2026-03-20T09:19:20.770138Z","last_seen":"2026-03-28T06:42:48.048562Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-26T09:01:07.682798Z","times_seen":213788,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/global-error-2870bfd8a75981b3.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b9a1f9739cea566209a5d97cd6bbdf58","sha1":"23d3e0b04f270abae4738cd56edf40dcba207c94","sha256":"94bc684465b19b338426f3f47ee0f7e3f162dc01138340a20c4ab9bba9258120","sha512":"082430a5d2b35da80f04382cf4afd243fa7ae0ff20527605b3a62e183f53af51f96b7e8107985516c4834babd69fa7fb485b6e43def1c9b4d4347d54ae5fce94","ssdeep":"","tlshash":"8cd02bc51191bea874165aa955b4c835304510f7302ddcdee713ee2108a25a00351c0d","size":257,"data":"","first_seen":"2026-03-07T05:32:19.751926Z","last_seen":"2026-04-13T14:07:52.37617Z","times_seen":1120,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/82849-e1ace10340da2839.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"09e0a34842cd0e30fd0a103b73b7933a","sha1":"75567ccf60797bc81d69dc734f9774ad1342143f","sha256":"f12d043b9839790120fa75ba522fb17716f8f3b3df5b822bf0aee7b5af0c2f96","sha512":"38b09073805dbff075ac0462501410af1fd66fcf52c051eb6e8cde616c99d6e2676e62db25e9cbeb38c425428a40be07f807c2c09e108bb846ad9feffbfed49e","ssdeep":"1536:4UcXlryCtX55mQPVpmsuIurLJmvU340MLsUDG3BZN2EaZxVcGR5c7dhP3Whj21mR:3+T","tlshash":"2304d5debba0a2f4f005e7f8d7124468366b39fe6e52ca68c3a91d15e90108cdd59dc3","size":180485,"data":"","first_seen":"2025-12-06T12:30:49.949747Z","last_seen":"2026-04-12T21:07:55.011823Z","times_seen":6510,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/30731-b4906d3166248ccd.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a278de30bdaee7c2a859ec4fe00720a5","sha1":"dfee7e7f7f6bb86b057a87c026fe85debcf3ff9e","sha256":"f1b31f7cc90eae6ec6abd1c9b5e2cab892957933851bdc043acaec409ca136d2","sha512":"77f9c98385a0189d3c4ac23bef30048bcab4c2915cda68f96181e386575b3e523fb4d6ad1d1b99f6dcc89b18122b8e0548ee2628d6f8d948571592754b9ff4e9","ssdeep":"3072:92ydhg+1uKewJ0Byiw1QRi8B6a3bmicWAM7c3jiPYFEcFBKKMhEmDhwZ8:92ydhxQRB0Dz7vMKmDmZ8","tlshash":"bd15b4985bb553fcf405f7f48a2ba4b43f6a38f67a42c4b8c3a91c15d4520ad89a5cc3","size":935432,"data":"","first_seen":"2025-11-16T06:53:31.123844Z","last_seen":"2026-04-26T09:09:06.257354Z","times_seen":8206,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"rytowin.gl/api/extra/promoIp","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /api/extra/promoIp HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rytowin.gl/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/json\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 16\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7363e85fe9edee6f053a4b319588c086","sha1":"a15e2127145548437173fc17f3e980e3f3dee2d0","sha256":"c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97","sha512":"a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85","ssdeep":"","tlshash":"f0600003000000a2c000220002382e202080002280000008800c20088a20000208300a","first_seen":"2023-04-05T04:17:27Z","last_seen":"2026-04-26T09:01:25.795809Z","times_seen":124312,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/css/10dffa892f034c33.css","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/css/10dffa892f034c33.css HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 75727\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75727,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"9671df6705f8fee758ac2981344ba5f5","sha1":"86da3c722f1ac332bdef5c75ada11d767f8ed71d","sha256":"7bbb6929fd1cae33d53c60eb6650786d95d7761318bb58118872b3d9f7130717","sha512":"8837e2cfacfe141efec612dd817cf0a8ebdba69989d0fc559bc1db6697a6037b53b7b2d071e30fd98a35c3ca0056da2b60ea50bf7e879c4b7e7f154c6a9da395","ssdeep":"768:9FVoU9aT1kzyfVrIP//+dEt+PG+dpvG5c5P4Nenit5gad:9zr9u1kzyfV8n/+dEt+G+7ZnM","tlshash":"4e73a5374130613c76e7aa35ba98a9cd3076c882a73356edf556bd29c1c31a73a533c8","first_seen":"2026-03-07T05:32:19.783199Z","last_seen":"2026-04-13T14:07:52.404084Z","times_seen":905,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/44638-22642ed4434648b0.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/44638-22642ed4434648b0.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 9855\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":9855,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9855), with no line terminators","md5":"3d0cfae03cd8f321178546f3d44bdf0b","sha1":"d952755162717e7ffadd30a573f4691a19b643c4","sha256":"a80e2f887fe98f5dd1f607d951147f5de620031519c6419ed1fb86e7b6621686","sha512":"56bf305f3b03e0fe79351d4cbfe166bc57557cdd91f72f22b3e967109e1a6f898528a59e5277c857fb69b465ddefaad1e500469821adc64dd225d1ada5986532","ssdeep":"192:e2weKRHbhH/3MO/Y0HURLDJYvYgcn/rNfI21OYR5ZAGPnSwpgy4jdzhJvkC05:/wd/MRLDJGAnjNfF1NVSJZ9y","tlshash":"00123c90b150797613678a62e1ff0706b33b845a5c1f84acb5b488456771e8e01fff9e","first_seen":"2026-03-07T05:32:19.773264Z","last_seen":"2026-04-26T09:09:06.232286Z","times_seen":1798,"resource_available":true,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/56060-72611dc1ca384f99.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/56060-72611dc1ca384f99.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 10031\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10031,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10031), with no line terminators","md5":"6685f1c3cdf6f0d1227ab2b5af23a056","sha1":"491d91380ba5da6dcd5027bd954e6fe11103b18b","sha256":"237ff25124f0ca73e06c9e1d59caadd016273fa9b5b6bf211c991cc8d34d1b92","sha512":"6667f2ba323afce441aa6e23fdcb8504dfeda05286da37d594827c605042ba88ddd7bc5c6ec9565109d4a0ad4ddc9f8cdde4ca22cbb9eb8122b85ba04bf1d0b2","ssdeep":"192:/ztywjuim2pZQizyySL4tLg6SpiQhQ+YmzSRAz21OfsuAAuaSXCfb+e:/z9juim2xWySL4W6STYmzSRA61gEC5","tlshash":"4622ea847260793e1547866fd1be5516f27a292e382ed25433b9c83cfd21ac85336bec","first_seen":"2025-10-16T04:05:32.850927Z","last_seen":"2026-04-26T09:09:06.207212Z","times_seen":8649,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/audio/message.mp3","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/audio/message.mp3 HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: audio/mpeg\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 29091\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29091,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"a74d3b2a2dee5892841f7e37ae8343a9","sha1":"90b69421807b860b265c34a5e2f249e3fdf05ae8","sha256":"7bc02c22f6a0a75446187dbe0547a7eca86c05e3d3d369e0831dc084bb974ea3","sha512":"7186807bb91804317231d48b985557d4259820c45cc6ef48fae69cc7f50b7195b1fa9c271aac9c2104b7cd0a48a772a9223db8f0e4f53cb2302bc401246c0f9f","ssdeep":"768:OBdZJRccW5UzJDDNx5kbu61m29Ij3Va3ZH0jycOFFLQU:0JRJW8DDNOu/j3VaJwyXv","tlshash":"92d2e13b2d840d8cf1868574226fd588e0b97c9a129e5f52ed9feb494637031bb08fd6","first_seen":"2025-10-06T22:40:31.572152Z","last_seen":"2026-04-26T09:09:06.210028Z","times_seen":8559,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/gb.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.598Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/gb.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1183\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"99a9e5571c2f5acd9cb910ce6a3f39a6","sha1":"876935939a01dae371583220f75bef15b5185c68","sha256":"5ff2f32ed6905d887f7d771029c1e65b1ef059e92260b548908cabb4e886bf19","sha512":"14cfeeacd8e2f9b67bf2e1f5b2823a98fc60854fca5afd0b10be72ad647ffd38aa4058188451c98e2045628706f0b84dcad508fa901ce146705102fed962de1a","ssdeep":"","tlshash":"ea2163c84370b5c059a74fba9f28a2dc924925f9ddc96ecd10be0538445ff5ed01f009","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-04-26T08:41:28.369015Z","times_seen":5246,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/free_reward.webp","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/free_reward.webp HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/_next/static/css/d599adfe9f648657.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/webp\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 9602\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":9602,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 390x108, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9ff1da902b946265f24272fc301815b3","sha1":"395daddb9c99b6f15b2651985a115e6395128db6","sha256":"67f87d0d17d6c7549cb8dfca755651258f123d24bd28e67bf90a6d1777831edc","sha512":"3e60ab0677a151c7eee4111c0269503dad38b9e36e9a7d52e540968d642612aeecaab21091a3c3795943bfcd701b51efc87ffd283a8273a4159484de4a362e29","ssdeep":"192:AXpAE6uvkjO9qzNScQt9EXi9N6y7D+AKbr2i5+q1Hj70rl7zkmt:AXX6s/9qzNIjr7cbiIRjorhJ","tlshash":"35129e54b67eeac19fa7c5ef26f093931236a77d11b1e8c3087d1ca64464930f384a1e","first_seen":"2025-09-28T21:41:24.335314Z","last_seen":"2026-04-25T11:58:25.611149Z","times_seen":3269,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/30731-b4906d3166248ccd.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/30731-b4906d3166248ccd.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 935432\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":935432,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a278de30bdaee7c2a859ec4fe00720a5","sha1":"dfee7e7f7f6bb86b057a87c026fe85debcf3ff9e","sha256":"f1b31f7cc90eae6ec6abd1c9b5e2cab892957933851bdc043acaec409ca136d2","sha512":"77f9c98385a0189d3c4ac23bef30048bcab4c2915cda68f96181e386575b3e523fb4d6ad1d1b99f6dcc89b18122b8e0548ee2628d6f8d948571592754b9ff4e9","ssdeep":"3072:92ydhg+1uKewJ0Byiw1QRi8B6a3bmicWAM7c3jiPYFEcFBKKMhEmDhwZ8:92ydhxQRB0Dz7vMKmDmZ8","tlshash":"bd15b4985bb553fcf405f7f48a2ba4b43f6a38f67a42c4b8c3a91c15d4520ad89a5cc3","first_seen":"2025-11-16T06:53:31.123844Z","last_seen":"2026-04-26T09:09:06.257354Z","times_seen":8206,"resource_available":true,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/92148-6f19ac7166461fa8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/92148-6f19ac7166461fa8.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 18801\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":18801,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (18801), with no line terminators","md5":"c6501be806cf1fdae07f7147e6e32ed9","sha1":"b46315e1e07d5c32e6f2185e25c453902013fa4c","sha256":"e897f0138e8011ec20fdf4ac0b924c9d3edcae74328a9700f502563b25897bd3","sha512":"9fb4560bfb3491d7afc719f71260e56dc3a2bf71d2c1104251901c02eaf7a2d0a9d249d90b51e3831ce7b66e7ef81603dcee6c97900ffcffc51b8e244493e1d9","ssdeep":"384:DLZQxW+19Vd6J4FU0Zs1Th/ndpRqgG4gjbI3/ovs2GK/sYp3wm7GjUWybgAKJ7r2:JQE+buJZ0y15dpRk4y+gt7/sml7GAFsg","tlshash":"b482d89da3e6a5e8f003e3f8835bd8353aa72df57912cc145beaac21d51109cb4a5cc7","first_seen":"2025-11-16T06:53:31.12293Z","last_seen":"2026-04-26T09:09:06.221056Z","times_seen":8184,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/53331-cafd9ec77f422f5b.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/53331-cafd9ec77f422f5b.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 23606\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23606,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23606), with no line terminators","md5":"ffc2a9646f640ee24bec96371d8896d5","sha1":"43fb84011d63dd3ee53c4c5a6ed7bee651bc780b","sha256":"ee75b3f83f6bb1fe59b15f18a040463973036c403110a597b3e77b659b240fc9","sha512":"19765f02ce6babd708e5a582fce2a697188168486b56c78f66d75c7ad4d29e02371f839d2b967fa8094e949f2fa6de2e478d24e24b3150f0eb404dcef6fe63f6","ssdeep":"384:/bEM6MGSQhbWOoOSQ6b82p7X4WsIBcf9CkSfA9CM3ORBq5T25iaTuJ8jFNDtv/LO:/L67hSOoe6h7X4WsIBu9CkoA9CM3OTq1","tlshash":"63b2d7e993f4b6e0a006e3f8d607a8793a6e19fd7b32c95893d95c20c5910dc266ddc3","first_seen":"2025-09-13T11:18:32.113392Z","last_seen":"2026-04-26T09:09:06.253144Z","times_seen":8670,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/fonts/proxima_nova/stylesheet.css","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/fonts/proxima_nova/stylesheet.css HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/_next/static/css/d4dbba7cd4889f6e.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 16511\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16511,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"d8931974e63a4dc65335827a00484a23","sha1":"3295703d542b291d258e703d3fb273aa4e71472c","sha256":"5748d69fa891b81b4890fc30b6c589852acd016cc7f8726e4ef93a497f0ee30c","sha512":"a5a858b0359a3571aa1337351eebcbed993af02fc1e9f54d7d87ce39e675d455c46fe9ef7291fbbb80d29d79dc71bf2404e40a902f5ee26fc0187e92b6625cbe","ssdeep":"192:xz6b6dlmqgqYGVNCGAcCh2H5vwCGmhRgSem0pBjqkCY9WTpnOPx/OSW9r0tZxjyL:paG7KUC4ZYCrz2muZHCfWctAH/uNB22","tlshash":"36723942cccdbc624aa6148077fe6ff60b4e28559079ad57ff3c38389d115adc68472a","first_seen":"2026-03-07T05:32:19.76436Z","last_seen":"2026-04-26T09:09:06.215127Z","times_seen":1810,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/landing_block2_semi.webp","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/landing_block2_semi.webp HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/_next/static/css/10dffa892f034c33.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/webp\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 182372\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":182372,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"03a41ebfc2822966ccc84b5f11fb4f37","sha1":"8a03e5c17973d563e27d03be49e710e14c70d862","sha256":"c6c3494d6e8ce461c4d7b6d1003a9f6c5131d4bfbc81150f033713cbd161c50d","sha512":"feef02093801d484436151ede3a28e4a652c7614aed8bd49972100bc8e7fe24d276415b4be84c6bed0ba871af142c1ca12d405f8a7fdb2d43f9820dbcefc3a62","ssdeep":"3072:ReuoArLIEpV1NVfhqB14todZgaqt6eOLZCfBEunnFvrQbOPPFp8+AjJZP5o3mCoA:o1A/vfh+1Tiaqt6H1KtYOPnaNg3mQ","tlshash":"5204122892bed919d2d85bebc73d50da380cdac3ece73623df162435640c9d39722666","first_seen":"2026-02-06T07:23:24.025684Z","last_seen":"2026-04-25T11:58:25.599419Z","times_seen":2151,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/in.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:11.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/in.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:11 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 2301\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2301,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"f0c892dde95804d59b20416b8db9fcbe","sha1":"41f09b07a8c26144aff93575ba4a07a0122bdae6","sha256":"aa82222076d0dd86dc6f37947faf10333212886549a33c4fcf6b44141b702018","sha512":"8eadf55e31f49edebffdb864eeec76900caf6f5163d2e3cf1988757271bb7c5e2c26c3986b4fe5b2f8953e733ea0c4bf4fb3cce0ec4d1010e20f5125abde3ac7","ssdeep":"","tlshash":"2e4165a9717df8cd9b01c6fda63bb9f1b00f50496b12d3a9b55b0f0a481a4fbb0056e0","first_seen":"2023-06-13T16:46:48Z","last_seen":"2026-04-26T08:36:08.469026Z","times_seen":4808,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/css/d599adfe9f648657.css","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/css/d599adfe9f648657.css HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 68384\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68384,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"77e60a49ecd72c345eb6d17a0a105d8e","sha1":"7c659c5476a81283275d089e87a451c2a9d5b611","sha256":"af316078e923558349454aa3d8b2cb0dfcadc684e7a498de8e3050c9ff4deb36","sha512":"a35c2323b587096d233bc7fa4239878aa7d903b666070120560d11f2d52f107ae3a62ae64acc816f09a1a9fa6c14c7ea350ea2b51de0c93f18c4a1d241a06101","ssdeep":"1536:k6l7m41sxUZqCuFiDsyodIidBz9XMli9PozWNw9cXMomUgefzXu7Z:p","tlshash":"7a63b8715228f03cb9b7e81375905acf7168d507f67366eee560b83a80c76933a6238d","first_seen":"2026-03-07T05:32:19.775906Z","last_seen":"2026-03-31T20:11:27.469192Z","times_seen":184,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/css/ce4a94f3f717c248.css","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/css/ce4a94f3f717c248.css HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 28415\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28415,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (28415), with no line terminators","md5":"af3bd178bb3753649ae280b8e45ac148","sha1":"f76e05ba003ed3f7ce276bbd9980ba48d7816989","sha256":"8b8a88691ca35bea9de5f3d99d9e167bb02a2c7df5104328a3283c8366a6fac0","sha512":"f6117a20e66feb51861f46cd4522e7a03b05e1df810d0bb6c4d0935f6f8639927fe9238d32ccf1acb8e00030c9c2f7b67832d950b392bb7054414ea7fed40e2a","ssdeep":"384:+zRbFjczMTjzhyJHIcJXkzI6R/A6VijnR:+zRpjcgLOocxk9R/A6Vw","tlshash":"00d28532a124e53cf4b7886279a5a7de3058c103da3756fafa41e52dc4df5b32b62348","first_seen":"2025-12-19T15:30:31.76222Z","last_seen":"2026-03-31T20:11:27.320667Z","times_seen":636,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/73943-99a3b94d23820956.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/73943-99a3b94d23820956.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 55279\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":55279,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (55279), with no line terminators","md5":"512c4da4d156f93b7d29d8340ada3158","sha1":"082c1a240f637c6f5330486ab255cb8473ee6dd1","sha256":"daae7abd463eebc16d588ec59026a628980aa1fc881543acfef0e7cd9e60c83c","sha512":"cf33d105d2d572573799bb4a268c2b559283c358228acdf978ee5f8a930040462aa8badbfa4cd2ba3847704db49a98822438013ee13731924f2d12ef3ad37651","ssdeep":"768:TIpoCFrHcJfP4gFxZePqxkKZoesmsb4xvH+k+BtJ+cIDGQwJ9IEH6HxHRzZASR/0:TDLhZLD+tPIRA","tlshash":"474383dd4bb019cd6dc49ae9bf0600bc363e92bab069882ced4d4d3850458d9fe1bbd5","first_seen":"2025-11-16T06:53:31.11087Z","last_seen":"2026-04-12T21:07:54.990652Z","times_seen":5009,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/preloader.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/preloader.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/_next/static/css/d4dbba7cd4889f6e.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1652\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1652,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"d4cf0d8e07d5ff0a22dde176b5e6926c","sha1":"bb3f41bbc80202459f3bd9a27054f855523f8ea7","sha256":"caa934ceb360955e8ef4eae0984d9ee475137fa2eee2b013586e25461bc1703d","sha512":"03fa93b18e1610abefaaeee02782234d164bd6de0d27aff61c5aa02e260d50e0b69233306e46bcabac18c6de2ce085a5859bd4ee71c2480acb0e4a719a3c5123","ssdeep":"","tlshash":"703122c04abc425cf604a6a9cf122875be1a64ce578564baf3ce9d06935805b8e0299b","first_seen":"2025-09-13T11:18:32.012309Z","last_seen":"2026-04-26T07:30:40.263183Z","times_seen":6779,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":63,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/fonts/proxima_nova/ProximaNova-Bold.woff","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/fonts/proxima_nova/ProximaNova-Bold.woff HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/global/fonts/proxima_nova/stylesheet.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: font/woff\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 52068\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52068,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 52068, version 2.3","md5":"e2cf3dc2f079bf3d5185a02552f153c4","sha1":"9e900ba7e0890a12a5697fc7ce86c058b145d215","sha256":"99a24fdd4e16d8dd4fdd79a5dd2dd7b71c2c68473fd6b3cb4eca4fa3f33d9ac1","sha512":"1043f0d116fcda17bd933ff2594b7c79a1fd41259f28aa8283d90e1a56eb6b8830861f109f9eeb3b81d79408e8a6a3648d973ee8a42fb5c096b0f84138392935","ssdeep":"768:gUZ1BWLCju+iIoHoWcknJh+7x77rai9YTRPxnE6eWPeLJWPznTdpjXeE8vFmdn:fX6Cjuct8QxDai9YLE6eWGYfbX98vMd","tlshash":"2433f1a524350e2797b7f4fa349d0665cfc6024db42b55faa4cbca019a5bff8b530823","first_seen":"2023-04-07T12:58:50Z","last_seen":"2026-04-26T09:09:06.257993Z","times_seen":9611,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":61,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/holiday/hat.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/holiday/hat.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 2987\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2987,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"ebf4ae376fe7b0c4da02abc9a0e648cf","sha1":"74f107d8c9add6f03d767e3c60b4b10d90f9b2aa","sha256":"67cdad7bd65668f2f0f392efb2933b7ee75902995fdefba25792859e4384b566","sha512":"b3fd5d449af21db89d091f46d6399f4e446889580de88f08413222d8f2b4a66c10eb09c0c3277126884f8c86fa0ba8310edb3269b400c85ef7afeb4c22a6278e","ssdeep":"","tlshash":"4c51f0f069fc608c65460738e6be88922f2d99fbb20445497d5d2ab0d717883f98fb94","first_seen":"2025-12-07T15:18:05.826288Z","last_seen":"2026-04-25T18:15:00.469218Z","times_seen":4618,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/it.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:11.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/it.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:11 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 270\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":270,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"4d4f20f2f1c88447480002bbf675404a","sha1":"e4a918db17e02d130c9733d7457211389b459535","sha256":"41b974254f3dd5b0853af7585c0417998a1ffa52e97e000fe2af3eee2c916d57","sha512":"04e180d7684ab9fefd920a74433c7fdea73380c5ec2588d6174ea6c14a20bdf1ebaf250158977863fd79051cc5012e5da4b9453f88998262b5cdc1672810ad79","ssdeep":"","tlshash":"e7d02b9dd07de0c448229bb03e9e31c142962327364500daf04b271861cc3ef7e41f04","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-04-26T08:48:20.644015Z","times_seen":5087,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/main-app-fef4a8898ec7782a.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/main-app-fef4a8898ec7782a.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 537\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":537,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (537), with no line terminators","md5":"c06acc17c28c2888a1a2466b0a0d12d8","sha1":"63d7278ad805cf6b27e6fb76daee100f7cc61afc","sha256":"90a949795e63ad10200d2f57df2706979fd66bd412caea2130a9c707e21c5d5b","sha512":"745f5cba8c1f8c006b2d9a1f8ec15fe3e66d7909766f446755243e1b63aa4d611233d9fa175bc9001bcbce4a4a782e79feb80846ba96f394b38c1ed2b1f3c2bc","ssdeep":"","tlshash":"f5f0fba55f0df42f5d266e74fd97ace2184f4275206b4e647d01dda23c67b6cd260408","first_seen":"2025-09-13T11:18:32.65005Z","last_seen":"2026-04-26T09:09:06.254694Z","times_seen":8728,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/api/extra/pixel","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /api/extra/pixel HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rytowin.gl/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/json\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 71\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":71,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"428647be4acae0d85bd0799a59237001","sha1":"25b1dbe5aaaf5fe53a11fdb05fd14bcad3e92ebb","sha256":"edad519cb99926a099d84224b6b7427bbfbaa60c6ecc1673c039a0723be93006","sha512":"8ed0b8ab8b00e7883301e4dc47e6ae3c38abe1686e6de48d43983fa8105203f86c36b86cff1a09c9bdf9406ac7c4ac2f8b6a8654a42e1b5d03d843b5085428dc","ssdeep":"","tlshash":"f4a022c30a200bc2cc00000008203b22eec823238300022bc00c0200caae0fc30c333e","first_seen":"2025-06-04T11:30:16.150294Z","last_seen":"2026-04-26T09:09:06.215975Z","times_seen":7487,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/stat1.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat1.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 3636\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3636,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"a62014bb87def86bc408bac073b0cece","sha1":"24ce6cf0ee0ebe7956bc76e9bd16151ec3da5244","sha256":"69a3b7fd361a9307dd99ab7a8c12c3178f4ee11e5573a2c0f78fd014e04f4b64","sha512":"ee7ff1a7a9cf304d61ac90e25998182241854e3de44df25fd9541b3caddb222d206a4d3fa250e4d4d64ab42d595f79a0e24fc21ec4fb753f0b7ca2d64eb73282","ssdeep":"","tlshash":"d771e6cd2be812f0ec85b7f6df06642cb80e14b2598848b8f21d1f557b04ce98a4ac92","first_seen":"2025-09-28T21:41:24.045294Z","last_seen":"2026-04-25T18:15:00.471265Z","times_seen":4336,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/stat3.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat3.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 3827\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3827,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"1b07edac84752d7c56e382e1f7656115","sha1":"1ab72bc6895070dc7d55c8d87d4f4f907c19c019","sha256":"979df951bda3030c2abf6f6508fa7d5914c95535e4c0ed1f20a836cf2857bcbe","sha512":"97c1a7ff703378b6ae5555c686ab628ac9387b52614d1144beb72d575391ae717a0e25c981a4de8366948338760c57c8a8c19913f1d8b37661a2e96c1496af66","ssdeep":"","tlshash":"9a81b4ef5fd402b4d889d3e7ee3214993e4360fa5a8a0d04f36cae89575585cdd1a8c3","first_seen":"2025-09-28T21:41:24.193021Z","last_seen":"2026-04-25T18:15:00.44453Z","times_seen":4335,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/favicon.ico","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-back=/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/x-icon\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 9662\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9662,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"095b185e288ed8e4d934ac78fe6a4e2e","sha1":"2184e65db0603649a51777687b03271ad3fca8b0","sha256":"02731d388ee1314c7b166f9db85999de392f87d2692e6ea559903f8a7c4f4b24","sha512":"782bd1217ddf891ebd15455432de0191c7027058b1a81d58a732ce22c0d6bce45abe42df2567fcecc02684a30853ddf6a3f20a7462522e00fc4f30f3e046ca19","ssdeep":"48:9kGOkqQGX/cQPc/cqNHf86pyCt075ybJ4:9fOkBhQ0EqZrpug6","tlshash":"9812cf5b6fb5a923d90436fc0bc33b61af37224171268daab204938c3329fb7a50310c","first_seen":"2025-12-04T15:32:21.566434Z","last_seen":"2026-03-29T04:31:50.482091Z","times_seen":391,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/84382-b5a32f8f614a1dd6.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/84382-b5a32f8f614a1dd6.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 45883\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45883,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (45883), with no line terminators","md5":"ae82c1b42e03b3cf5387819a72746108","sha1":"a975c21a07b32068336ac05f0cfb618c798702e6","sha256":"edd825dc79ca6bda7fe713c540b1c84220ed1b1179febc6561982bd67e4b87f5","sha512":"b22859d19aeab0a4e096d3ac82ab61ae63f7584e5fbf1a887184ad7f60ebde8d05de34bcafce734f68583641a988d984b3de48409eeb39801f139f9c0ed6ddec","ssdeep":"768:6tA0oDr6QoSIN1MYgecH4E6+GykBw8wzVBS0aiBI9scuenXRfDlK:6tXoDGQON1MzekDl8wzCBKgn5RK","tlshash":"e323c509c9c9dbf14bbe6fbcd5a9d1c7e63733a960722ddaa751c8a0074528c712092f","first_seen":"2026-03-20T20:06:42.387202Z","last_seen":"2026-03-20T20:43:47.552244Z","times_seen":2,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 5634\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5634,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5634), with no line terminators","md5":"eeb148fc570d2378a9f4fb4cef9277e8","sha1":"f15bcc479e6192f1c27e2c50e9957c34d69e1dc6","sha256":"28e0352c26286fc5b9430539a76f6e36d0f8ade3679fef2b830ed3805fb8b690","sha512":"0d5e4e9dc24973836af109e4586ee36dfa759ed54863e94049c0c21323043a57cc61354a7d5016b098e269eaabf1fe4be8e76ac9b487c6fe54177f0e396d92c5","ssdeep":"96:XZ8Q2TeV9GCuyzz3qZqCLXx29Hn5G9UV3aQ+7XCrUBTCUBTVy19GCOsY89GC4b6:p8Q2TeCtiz3Xqx29o92d+7XCrUIUvV3g","tlshash":"70c1a5b7b6c5fdb2565688d088378207ba503d37205fb480a7facce53169dca44d1f8a","first_seen":"2025-09-26T22:32:24.049018Z","last_seen":"2026-04-26T09:09:06.250815Z","times_seen":8687,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/51096.d5d2efd398115952.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/51096.d5d2efd398115952.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 35333\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35333,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35288), with no line terminators","md5":"e3c132e70a3cf169a2eca9d5a55ebabe","sha1":"b4ca48271ad20555f17c11a3e9b0acd351771222","sha256":"a756eb284f53f6210c994a6890be5af55389875c0baf7789c9bc5e555bb69f5c","sha512":"e24b666010f17d7bb5c49ca0686faf3670ebb34d1139918c87b98e22274e9951a46fc21dfad095ca07f6775ef978e8640f3b16f237dd7aac4f35cec9147476a9","ssdeep":"768:bt7hsk89UGTrNgELQFENRIP4TVNUuXCEth:bt9sk89lTxTQ4IP4JauXph","tlshash":"41f2d80f460c22f13b9711423e9e1add776d65147712c87db9aa816d338c8d9a23bbec","first_seen":"2026-03-07T05:32:19.757389Z","last_seen":"2026-04-26T09:09:06.256056Z","times_seen":1755,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/mix/landing_zeus.jpg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_zeus.jpg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/jpeg\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 201878\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":201878,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2368x1028, components 3","md5":"28ddcc23e4d8be01380e65e823904d84","sha1":"fe6cf680ed934ce00bbff66393dd076b15184486","sha256":"ce31ce6181ee64d6d05347285c6b04765859159285cfd706b617e02ab2851839","sha512":"375fd38d2afd987610235da2f48799220b401b999f012bef5d83e079e3f6142bc425d5d78991f35c8df66c88999adbb165399bd5887da34d9e2c9c495d7d327d","ssdeep":"3072:PpZCDctONi+s/9M9EpUdbnP7uAj0Mc85RjRdr/qHrDIDzyiN:L64I99P5InGjRdr/qHrMDWq","tlshash":"001490038c1c8b97e52993e4bd530dac2f592b5ce9813aff05231ecb7e645265dae01e","first_seen":"2026-02-06T07:23:23.986859Z","last_seen":"2026-04-25T11:58:25.677403Z","times_seen":2163,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/holiday/bottom.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/holiday/bottom.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1628\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1628,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"165634688949125db4ac194fe8681813","sha1":"c8d8f84854dc11683adff1b17974b18a3077173a","sha256":"865ac8ef0db76c4a0224fc4a29905e93b9e1cf278b42f7c95c8e1d82312d5e42","sha512":"9a4001c1e30d41bda349a631e7e00d8cf2528532717f23c5f19db0ac56dbd771e779ba07390b0c8fbe0beb77b3996e45b9bbef7b770850f8db207beff1888a7c","ssdeep":"","tlshash":"f2316f5c60b6ed389984c14c8d1fe0f5361f2fea07d6975620844dadfb094ff29626d1","first_seen":"2025-12-07T15:18:05.832815Z","last_seen":"2026-04-25T18:15:00.405539Z","times_seen":4616,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":50,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/stat2.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat2.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 4012\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4012,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"5cbab71b6d96ad7f65cb930bb401ba68","sha1":"48996ecb2d0d7d9c1ecd4ccf994b9a24dd52ec6f","sha256":"a1c783e7030d327da610a9c36e0359b2e07573771468225ac6a6cd3c2d7bf12e","sha512":"5e70c60a35359b551d6009e1f63ebef5911c29a63d89ec24225f48c7f20d33982b1f0353cade31e7f541d3df5d534984b6c69379373d086a7e1c5adf536eb780","ssdeep":"","tlshash":"3881d5d82bf585e4a2869be3df01582c3d0790fa2ec54840f39c6e682f55c7dcd128ca","first_seen":"2025-09-28T21:41:24.398473Z","last_seen":"2026-04-25T18:15:00.450674Z","times_seen":4338,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/67369-222f9a02bd61134d.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/67369-222f9a02bd61134d.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 4883419\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4883419,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65520), with no line terminators","md5":"c5ee70ca6b0f10be9205923be6019f4d","sha1":"8970f24fdc7a50c908abdf7fd011fe84ab06cf14","sha256":"54353302f4543dabf5579fe09b7789fd62384f6046fa2f39ee36ea54834c3fe8","sha512":"a46dbf384ba5ddd94c97b78e4e38d5c4a84e1444f7c19563e019ceb26ec121ac60d5d5019ae772e37483461f955e7952ddd84d1951c94882156a08c13615e0e6","ssdeep":"12288:z3PyxSJSN87vIomx0wgH+vVUqmAStvp1H/llr9dhLR5EdNbE3aYAILQDEmAx//pY:sNgvIh/V4y","tlshash":"c8250f5ccb9201bdae58adc1ca4770254fe282531fd789ed96bb7e214bb0adf4301e61","first_seen":"2025-12-13T06:46:52.564072Z","last_seen":"2026-04-26T09:09:06.208818Z","times_seen":8014,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":361,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/fbq.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/fbq.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 408\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":408,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0b834c87557376668b3c3fde729a8db5","sha1":"872448d973ce02e75d52b31641d961601167d04c","sha256":"cc63b490224b081fc3bef6a696dc3ecbe7ea7bd45df00c8a53cfe304e7bd5469","sha512":"1c40528c95bf8c5d60ebf3dba6df8ca43390e5239ea50ef08705e547c48635a1f399f2f9d7207b4575822d2ce3dfd6e2b7ef7ee3b431255837cf2545ea5ed4c5","ssdeep":"","tlshash":"e7e0619f2c43b42733e97639c727a67b3763070178c2d919ba05c8151fe08966c96d9f","first_seen":"2025-03-19T10:41:28.92776Z","last_seen":"2026-04-26T09:09:06.255375Z","times_seen":10549,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/holiday/top.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/holiday/top.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-26T09:03:11.936341Z","times_seen":14218418,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/webpack-9a1cb9ad4f56614d.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/webpack-9a1cb9ad4f56614d.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 19851\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19851,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19851), with no line terminators","md5":"a18799109d5281e52770680865fe8689","sha1":"40541826d1f4ac7ac1f482a5e0c646328561482b","sha256":"a9bb31a0a79205ff217ee96229de19a6acb53126d24664c2ee04cda428422939","sha512":"5a7129ec973cf372ce8e5cb99e8ec8ef2e7de1b9ecd9676b396400e5a7f15211964337cad52084dfdce8b68119cb557190a6cbbea1181c116af46373abfb931b","ssdeep":"384:Efjp7DiavHhyIN48SiQ50iatLzUqzBuprDAwLq9g2r72GHZ7WRRfKDkKst:40avUIq8S1/atLw11DAy4g2r7JZ7QfKO","tlshash":"1d925cfd731cecea2d3005c2ac1764a4660871227d0a4cd1b1dae77644b6db5a726fb2","first_seen":"2026-03-20T09:19:20.770138Z","last_seen":"2026-03-28T06:42:48.048562Z","times_seen":49,"resource_available":true,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/73345-c6c417d67f761339.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/73345-c6c417d67f761339.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 325834\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":325834,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"eb597de485c3029dc93b6f3225acc0d7","sha1":"d3a6bc9d6749ea9f0ddd1b1862c90303f3ec3254","sha256":"3513d69dd757c29044eb92ab6a908ba6755e0845c38105ab2e196b0c75b96583","sha512":"1420716788ac11ed76547147942bdf2329c1bcfe8770745c3bbce32f99ca5c5866e20253ced9e0ebc4597003f7404825de2b601f8d24b5c2fce1125eadf0ad63","ssdeep":"6144:bV5sFqdfuGDdF0pL8sS65eILs3QKQmiOB0lDz:bispi9mVB0lP","tlshash":"ef644a9c7682b474939b016a807f0107f37e2d57240e4824f270d9ee7975e99a2b7fb8","first_seen":"2025-10-16T04:05:32.880573Z","last_seen":"2026-04-26T09:09:06.227053Z","times_seen":8646,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/82849-e1ace10340da2839.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/82849-e1ace10340da2839.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 180485\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180485,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"09e0a34842cd0e30fd0a103b73b7933a","sha1":"75567ccf60797bc81d69dc734f9774ad1342143f","sha256":"f12d043b9839790120fa75ba522fb17716f8f3b3df5b822bf0aee7b5af0c2f96","sha512":"38b09073805dbff075ac0462501410af1fd66fcf52c051eb6e8cde616c99d6e2676e62db25e9cbeb38c425428a40be07f807c2c09e108bb846ad9feffbfed49e","ssdeep":"1536:4UcXlryCtX55mQPVpmsuIurLJmvU340MLsUDG3BZN2EaZxVcGR5c7dhP3Whj21mR:3+T","tlshash":"2304d5debba0a2f4f005e7f8d7124468366b39fe6e52ca68c3a91d15e90108cdd59dc3","first_seen":"2025-12-06T12:30:49.949747Z","last_seen":"2026-04-12T21:07:55.011823Z","times_seen":6510,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":57,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/(landing)/page-e7fe8e8ad23b29ea.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/app/(landing)/page-e7fe8e8ad23b29ea.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 15196\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15196,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15196), with no line terminators","md5":"57ab5207f165097bf8048ff6ac58edd9","sha1":"5f1984f30e565b7d20527c75b9f8ac7228c661fb","sha256":"712998b4d267cbd541235b2f83cf08c24dbe90f6ecbd63636429ea99eaaa9bb4","sha512":"c1b7cdf3de51f6ad8c3c614350677263fa34f09c817c85911fae9c77d2352de18283a80c30201e456c8e8d9a84fe9182f96b773e5f99c218beafaa0f1b4e99a1","ssdeep":"384:+Saddq55XGydqhFoSObqu7zYOJV56Gchz:+Sqk5WWWoSObqQJV56hz","tlshash":"c262a741e254daacf45394adc32ea03d326f2599d65e8570f8fd9c3461094c8fb2bbac","first_seen":"2026-03-07T05:32:19.748Z","last_seen":"2026-04-13T14:07:11.587471Z","times_seen":656,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/holiday/hat.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/holiday/hat.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-26T09:03:11.936341Z","times_seen":14218418,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/landing_block1.webp","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/landing_block1.webp HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/_next/static/css/10dffa892f034c33.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/webp\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 143252\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":143252,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1692x502, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8201728c6e2cf2db0d1c3c296e9ec4f8","sha1":"1c5b38584ae934775d0ec23c9b0ebfa494bbb8e7","sha256":"308e698488e68037d3a4648279c289467061190da02ace13bddcff1f7dfb24a0","sha512":"76993a0e63c176ce55b170cfbff41c65712a660f800904f7ee54e504e66df07343bbfe33d810cefab3d7e959046e5bcc49685c1d82259c5cbe0d30902ad16923","ssdeep":"3072:jvdXxTC52KjJbmSFgMLRAQPodctih7E4opiSOVmDjXvzV:jVVC5/mAtLRoctiREXpUUDj/zV","tlshash":"3fe313be76b10ae8a8801cdf021e48b97f355f1355ee01c67b27a68f05a3519b5cdf0a","first_seen":"2026-02-06T07:23:24.023009Z","last_seen":"2026-04-25T11:58:25.612042Z","times_seen":2148,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/api/mammoth/auth/check","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /api/mammoth/auth/check HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rytowin.gl/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/json\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 38\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"aced0d4c1bf7b416bd8757e86c69b12e","sha1":"242609e9dc75daa64e55af8d8254cdc02722ee92","sha256":"831690950d50aa783757553ff7dce0e549b2bf0c29fcc850ee8ef7a7f6bb54fa","sha512":"8c854561d71566fbd9d1e18c91f1bd391cbedf2b2e8b52d84205d4f773f36b14bfd5d3ca2cba9f5a300b8d96b025ab3eee5d5e3a19985e78386e04584e24d0b3","ssdeep":"","tlshash":"8d80040115000173f4001144113c1d115c54533745410014fc7cd0c4c7530d53043c17","first_seen":"2025-09-13T11:18:32.558363Z","last_seen":"2026-04-26T09:09:06.216798Z","times_seen":8403,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/pt.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:11.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/pt.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:11 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1445\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1445,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"6e9db125513715df3ec213f701b912d8","sha1":"f0fbb6a6e5b7a068d28792280f397a4b879deeff","sha256":"3054e3bbce0d049b0ab3d157a16b24f7a572a7a45e73d342e3b7b8d5f28f0a4b","sha512":"06c04e06e44b97fc2b4379173dcaa7003f3cc5ed58db1697e0934f96878fc16928e08eef9a0be085cafd61b545718da8e8a7d8b456b57b194a51c1e22128c775","ssdeep":"","tlshash":"4a3174c9a335b0c24a17cfa87f2ef3c2044a67f8291c9884708ba90c3955bcdbac4d00","first_seen":"2023-08-14T20:47:06Z","last_seen":"2026-04-26T08:41:28.520915Z","times_seen":4756,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/muskColorDSGN/mix/preloader.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /muskColorDSGN/mix/preloader.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 72100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":72100,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"850e1745f4385099a3518d32d9145e74","sha1":"69969125e203608b7462ed6f8eaaa2917d48ab0f","sha256":"31ccdbf4baef0e8d2e5ef2d71b200f1b8288afa891e6ea50729feecd86dcb895","sha512":"617fd124ef9ca7077d4215668197b1bd456b3f6dd2063130545d4040c4ae11c1d37a569ad757ff74ee26ccedb5db2f150439c8c515bceef6c0434c81ae46edee","ssdeep":"768:YDpuRdZRXU55SUH2v9rirdHR96Hi3WdoanhrqCLUEBHp5ZuQ+Ip1xLtaD3LxUynT:Qk9eui+hrhUEBn8WXED3Lx/T8QdxGwlH","tlshash":"a06395ed2bf018c949c8c3d7ff5944a92d2a91fba5484908f65c4fac1b85c5eec47ac2","first_seen":"2025-11-16T06:53:31.140817Z","last_seen":"2026-04-26T09:09:06.217594Z","times_seen":8230,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/dc112a36-4dd9553e3950a789.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/dc112a36-4dd9553e3950a789.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 305838\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":305838,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8b0312e3e2ff7226227ee081f6693db1","sha1":"823c7003795d9623f8992900a6f337f599bb7eda","sha256":"dccd0125f7ca7c6c5f3f8ae7d813743257cb55899fcab2d63b70fdf06b2a05e2","sha512":"612eb966b9409ee719588a9f82170d4d6c9b5c075b85981a1ac0dc0fb8119997de7f6a139ba2908d7ccfe0ab342f452e39ca15ec3d9fafdc1c2a7d36cda06d87","ssdeep":"3072:Hbyz4KjrqQmINGbpJGDc0Lf1c/X6Rpbdt0myoQj7sOU1IMi9wD5yojt:HijOQmINGbpJGDc0Lf1c/qD0erI5BEt","tlshash":"295419597254343805c540a9906f094bf736292e246ac49cb36cf4efa8bdecd31beb79","first_seen":"2025-07-19T01:07:13.417114Z","last_seen":"2026-04-26T09:09:06.223839Z","times_seen":8735,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/holiday/bottom.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/holiday/bottom.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1628\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1628,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"165634688949125db4ac194fe8681813","sha1":"c8d8f84854dc11683adff1b17974b18a3077173a","sha256":"865ac8ef0db76c4a0224fc4a29905e93b9e1cf278b42f7c95c8e1d82312d5e42","sha512":"9a4001c1e30d41bda349a631e7e00d8cf2528532717f23c5f19db0ac56dbd771e779ba07390b0c8fbe0beb77b3996e45b9bbef7b770850f8db207beff1888a7c","ssdeep":"","tlshash":"f2316f5c60b6ed389984c14c8d1fe0f5361f2fea07d6975620844dadfb094ff29626d1","first_seen":"2025-12-07T15:18:05.832815Z","last_seen":"2026-04-25T18:15:00.405539Z","times_seen":4616,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/fr.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:11.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/fr.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:11 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 270\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":270,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"c1a36c711f0ae0ab46c7dce06f63a723","sha1":"5cff6743ac6eed2912288bacd35c363a2d586d18","sha256":"861059eae96aea4c38466209edfad68fbd84ada37bae4ccac92d03011046a524","sha512":"e8d4869bd8d77613770a36de15c23dfade7a3bf3a465c4a6c79be55d9d6660874b5cbb60e631f04964840d3b4d736ceb25f31b30779e8d5ec64023f8e855cdeb","ssdeep":"","tlshash":"f0d02b9dd07de0c448138b703fde31c1418a6326364600dab047272861cc3ef7e40f04","first_seen":"2023-04-07T23:46:38Z","last_seen":"2026-04-26T08:41:28.295951Z","times_seen":5109,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 168420\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":168420,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"15510eac41ab1d5ef4d07adf66470336","sha1":"af7eb0a2168918b5999e83b71a10ba52809f38df","sha256":"e5b9e2570593ab1e59ae6a397baec8491e4c3d5e4628aa1439940ac0e2aee2fe","sha512":"116e3ef82cb1608f729f9731bf3ba61a1a75624fec0adf57d0536e5f7e1abae6c939e93af5bbde399079cc1634b5ffda250a76f08571d2e30c88eceecd05b22a","ssdeep":"3072:btfjLiM+NFCC4YQbCCAaI/02UHCgwLRE4:btfj2ld4Y40fUHQRE4","tlshash":"0df3f7e83d99e2116eb342a7109f2803737c262b240d4c60a615fd9db5b845bb17bfde","first_seen":"2025-06-09T17:09:55.347659Z","last_seen":"2026-04-26T09:09:06.218416Z","times_seen":8746,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/holiday/top.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/holiday/top.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 109971\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":109971,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"765e4b902462e81209a68203122c5462","sha1":"c8a22e10bde49777ae443e9f3a3b6bf474659b68","sha256":"0d81c69880f645eaa8ad5bc7f874fe5c302d163c6ddf8e2b2e5633c222949f88","sha512":"d34eb7f720beacdf9d545cc1219a56e2a26b05477d98d9ed188c116bc9319de2f49db046893a0ad1680ae6a9c81bf69190f5de47bc94fef0b5f99049f36a65df","ssdeep":"1536:TVcmxdYMDacj729Kbg1AsjwaT2ROc8n6GheoROmsrLc8h7CJaEukrWE/A:x/FDa42Kg17nZtgER+","tlshash":"47b3f9fd6b6185e0eecf8af1dd3649907f1b34fe2b52525482a4ee607833e58894cd90","first_seen":"2025-12-07T15:18:05.795582Z","last_seen":"2026-04-25T18:15:00.483986Z","times_seen":4614,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/de.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:11.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/de.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:11 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 271\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":271,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"939afd91bea7074f84f4a328ca095295","sha1":"1a8edb7520cb812fd35996134ae823fe8ade03d9","sha256":"8e3c8f938c6fc4fc97c81f398a71d0d789b44b6be458469d7056372a2c05837a","sha512":"a3922e78b9ac5209cabea2c0945d474d24035a4e78297b3105779cea945b931ae83a59ffbf73e2877f2da42e0ff7fb5f23c297c1d7f7d09da3644ed63d82ef6c","ssdeep":"","tlshash":"c7d02bd8506ae8c04d16c7603e6c32c1288a6259238800dff0835338a6cb7ceb745f50","first_seen":"2023-07-03T07:07:12Z","last_seen":"2026-04-26T08:36:08.586714Z","times_seen":5098,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-20T20:06:08.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 666 No Reason Phrase\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\ncast-mode: default\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 20 Mar 2026 20:06:08 GMT\r\npragma: no-cache\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=;path=/;max-age=0\ncs-back=/;path=/;max-age=15\r\nvia: 1.1 Caddy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"666","status_text":"No Reason Phrase","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5103,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (5102)","md5":"956b643c2454a7e0f579a9286406fff2","sha1":"cc6b5d6ff7546dd603a95dc02021d502cd9bc8b3","sha256":"c396babd7f49262f18a3a2ec34542c8e314cb4d869875152bb9675a6bb6066ea","sha512":"375c33c31b50ec8e51e51007b0c56655678c017509cacf51ffced23eb5f1bb8e9dde5cf6100421ffb97257d5275f47986ec4cccdb8c65c03cadc64a196a71a31","ssdeep":"96:bichOxrAngg3lSUpRNfvoZQarjLEbXNS6kjnul4Rt2+anx:bich+rAngY0UbxAZv/697kjQ4KR","tlshash":"39b185c5b90132a49f7676635d3f900afe2f5c90348fc294f190e5b0ac7ce49447aea5","first_seen":"2026-02-13T17:42:20.295511Z","last_seen":"2026-03-29T04:31:50.48108Z","times_seen":593,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":107,"dns":31,"connect":31,"send":0,"wait":41,"receive":0,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/verify?r=8bcd2f1dd14b324ffd533efa1edc8426","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-20T20:06:09.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /verify?r=8bcd2f1dd14b324ffd533efa1edc8426 HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-back=/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\ncast-score: counted\r\ncontent-type: text/html\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nlocation: /\r\npragma: no-cache\r\nserver: openresty-cast\r\nset-cookie: cs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600\ncs-back=/;path=/;max-age=0\r\nvia: 1.1 Caddy\r\ncontent-length: 147\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14279,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-26T09:03:11.936341Z","times_seen":14218418,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-20T20:06:09.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rytowin.gl/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 14279\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14279,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (14279), with no line terminators","md5":"48008b96c3c4bd89ce6583ffbf03584b","sha1":"6cf5cc9645cf8c65f50600f80ed0a7f61a164829","sha256":"c4fcb67ec296aa0c27718bdf1a0e1f81a86e0addd683d960869abe9e6e7f9ed3","sha512":"2c92db4ef63af0df9c65caee247e45aebe0165466f191fdc1a5d9efc1da9bf2838e0b07eb290e7367bb225fdd69d4c7e8cbb0fadea1850a13694b346d118ac3a","ssdeep":"192:EUB4BfBcUOKMMwQKWhnvefSpGB913MCqFnQb7bmnznCrfj8Z6b79W9oH4O4t4ON:EsgZtONMwQjv/Qb7b0rCbj8Ib7M/O46S","tlshash":"c152201bbc05cd079c76ad5d013e5e3a90cecd3b8a34c9b8d28cce5d0652aba5bd9c81","first_seen":"2026-03-20T20:06:42.398927Z","last_seen":"2026-03-20T20:43:47.496102Z","times_seen":2,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":47,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/layout-414e3e65ac0c109b.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/app/layout-414e3e65ac0c109b.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 10496\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10496,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10496), with no line terminators","md5":"3733ec17ec7ac052663bbaff6f9be56f","sha1":"675df33bdc098f2124a4720e5e220c6461765bfc","sha256":"a436c6d41a0f8c975ac3045afbfb4528489f1289bd2dd41068b5a0cb216b2be9","sha512":"9133a2e5a3c78c63b2b31c1c0316b31f9fb82cbfab537b0f82abe77ed5a844721e4da4ef459e4ac1aba6a46a0b18e0120b19a36e1a3064f03aa3f6acfc30b209","ssdeep":"192:lTUQUBoSCqdopNRDvf31/wZbMdyeTJzTF5zb6:lTXUycsNloDeTJzTTm","tlshash":"4022c711b484fcad0be3c49c9cafca08d16e1b16d8a8847f9f1dd62910b295df175b17","first_seen":"2026-03-20T20:06:42.400192Z","last_seen":"2026-03-20T20:43:47.490433Z","times_seen":2,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":70,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/53090-a64743b05c92b22e.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/53090-a64743b05c92b22e.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 15666\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15666,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15666), with no line terminators","md5":"15925877203605d5f2355beb36d57347","sha1":"17da103edacb7e181adbf9304938d039a200c1d7","sha256":"a986f72fb7dc330235296b864ba0f244f1126b2eff777b8a13ae36875dc96157","sha512":"ad516778c2e0dcaa482b03f5ab7a44fea87ce340ae85aba921277db245d9e6c5a49f70a27eeb99b6bef662c873647590edc83e75c63116c4e456045245b91568","ssdeep":"384:hC/SLOZgztFl6pfisYkxdZEAXtwdt4DvWmV9PvTLsb6r7/:Y/SCZ4Fl6pfisYyZEhdt4yIWbU/","tlshash":"0862c6e0d362fad8ed6785d5f12ea906b11f2f988b19c074f6b85c2053181c4ba27b9d","first_seen":"2025-10-16T04:05:32.826709Z","last_seen":"2026-04-26T07:30:40.251005Z","times_seen":6718,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/58733-c5eff74fea05461f.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/58733-c5eff74fea05461f.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 18872\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18872,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (18872), with no line terminators","md5":"608213cbae5946f55bcf6e3e236643d8","sha1":"e6181592f15a748e4b0e3a86966dc1cfb5d508e5","sha256":"dbbc5742780c4bcf13e1aa6afe878f0beb77154dda969c40b074b762a7afbbdc","sha512":"22e77044234d9e0b1b4cfa606b0cb04a83d7492edd1392a1880a984adbc4742f98397845f91d4a09f49e0ff4be85d190e7857113b818a5125c39ecd965504cc5","ssdeep":"384:7ry4eoKi6rba2BN4eofEPu2jQi/Q8nTREBJ6F5ACxKv82wfLba2B44eowGJdba22:7DHiG2Bkeu2ZQ8T6BJ6F5ENwDG2BZhJ8","tlshash":"498286e5e3ca73d0e10af7e44116943c3b6b21fe2b36cf584b9badb0a61549c654adc0","first_seen":"2025-12-05T05:01:35.743711Z","last_seen":"2026-04-26T09:09:06.252399Z","times_seen":8099,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/es.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:11.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/es.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:11 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 629\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":629,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"a8224968196d0dd6d84e44c98093c280","sha1":"882b8a579de32e24e13e999b411abd814071cc2a","sha256":"f8cf69e4d0d285ff8e9be18f239b65e38fe1a235086a8daae53b1baa1e7a3557","sha512":"096da45f1e9c9fd020364a51f387110fe6b08969d607a52acd6acf7f01215e15ebb88c93484b7aef1392143f744ca491f8862151d5c4850ec8f7b9d4d419e870","ssdeep":"","tlshash":"bcf049c5743db18388098b742d6e70e6408e721b554814dd70079b28a3aa3df7ac2f6c","first_seen":"2023-04-17T16:03:39Z","last_seen":"2026-04-26T08:41:28.557203Z","times_seen":5056,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/verifyjs","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /verifyjs HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-back=/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\npragma: no-cache\r\nserver: openresty-cast\r\nvia: 1.1 Caddy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":188930,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65415)","md5":"719ed636d0db40e55434c2b18f007bb5","sha1":"c846045f3be1bf66e3156f9308c0d770c23dbbf4","sha256":"89c20602a1a578f50827fa385668b3429f2fef224fbfc6d0a99d7008e437c5e6","sha512":"cd89dfdf621b4ebdcc08ba466c1b4cef842e89cbd3a0c13ed42b2da962f23c630d6070e245b7e2e14ead8b93b379235f575d6dbcdc02650ae3f82dc27763f428","ssdeep":"3072:d3iH592QSLlV1m1uIo3xMI7s6iEatghQmrVGpTZ3APxl:4Z9sVgkIoBMI7s6fhQmrVGNZ3y","tlshash":"4604978129ced10c82e2daa642373bc9e8855c2d8b461cfbbe0af2cde55c453b1f7594","first_seen":"2026-02-28T19:09:18.176997Z","last_seen":"2026-03-24T20:06:06.307272Z","times_seen":25,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/trumpColorDSGN/mix/preloader.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /trumpColorDSGN/mix/preloader.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 119318\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":119318,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"40fbaa8ff12ac1ebf23154c29e67a191","sha1":"a0a3a6c3b2a35874dca992b65fe8651809da05a6","sha256":"234f1a89ac1c64f2b60e7b7aaf30d3ec2cd97acd3f5fc844f4f55256eccaf843","sha512":"5c97f0bcda3d832001d8b751d6140ba2835b2ad34989ee6c4e9b44211dc8dbcb099eeb28666d6555505235ea97f71d37dc7c1a19e62c3a98a0cbd64e3c698ee8","ssdeep":"1536:objgkWcss2wEHMgG7RPP1VLatHLKazXxzP4D:TCB","tlshash":"edc360fc1af062cd88c0c7d27f69d2b93c17a3b798580805e66c5f5c0b9a96da851bd3","first_seen":"2025-11-16T06:53:31.134866Z","last_seen":"2026-04-26T09:09:06.256696Z","times_seen":8229,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/36860-0a9464d566324679.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/36860-0a9464d566324679.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 19669\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19669,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19669), with no line terminators","md5":"ebed528d50f9e0657df76bf19dbe2ebf","sha1":"a745c8cac0f897a2e288bc643ba629bb89df2609","sha256":"f4ff2580f3ef611ca05990dcb937f89c700e24833b675e4039f569f79cc4da76","sha512":"8d0b8b70fcb7c71739ed7ed80ac98ec09aeaa478324288358e4c3f9622198dff8ed0d43a17e35e02c00537fe4d11c8d68a1fc9a60548aece0b1489ef3d3da6fd","ssdeep":"384:5mkM82Xy7PBRB7/z06STNN8txdOTTpPNUp0icpUAHEvDBUgf99Kxe2/KtyTnVfdA:UkU2fzuT778bwq5mL7TY","tlshash":"8092492b68365877a6d7bc748cae504c596fd24ba329089e773cef7404871ac394b3c9","first_seen":"2026-02-06T03:10:14.100987Z","last_seen":"2026-04-26T09:09:06.247997Z","times_seen":5207,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/api/extra/holiday","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /api/extra/holiday HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rytowin.gl/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/json\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 29\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":29,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"64bd1ee4cca69558fca5317e81a2b469","sha1":"7be9c89474e4f8526395703aacc31165a48f6c7f","sha256":"5ec7611613d86543be443ebd6f2043ba9cb5379a9e39e7b37c8fa3d7e88278d5","sha512":"457194cab8d05978a245ca36617cb89d474ddeb0c1181e5d5e29f03a092c21fea68332e1e7bd23c01a2721aa304d67822888fe41d01b69f83da3eed5e149bc25","ssdeep":"","tlshash":"228000022a2008aac808228002382f0028a8222ba0002008e08ca008eaa2022308382b","first_seen":"2023-06-17T21:25:09Z","last_seen":"2026-04-26T09:09:06.222091Z","times_seen":6369,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/53069-bc2f18ad589424b8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/53069-bc2f18ad589424b8.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 44317\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (44317), with no line terminators","md5":"107cb75a0c53987a209e2e7a8951b55a","sha1":"e8f418769d1d1f2858e2962b291b49ef960e6026","sha256":"34a6db6410f88a7b41716feb828d1982400a702e115250fdb6cbd3a5a618390d","sha512":"325008b525fb11dd0404a45ff42c54c4fce64f5abbc62231131f00fe7053ee9b626f32a7c63b1cfcd26b04ae6b65a99e93b0df665d9a992664c4766827b580a8","ssdeep":"768:9VFYbMnfiNkuGxL2umLBbPEOSQ7Lhkd+0xiFxVuxMgCIw/A33SUYq31kBVVLLEhx:TniNkDe52eh/oVkZL9DxFW0MSdUTB","tlshash":"42131a88633593e8f1c065f8d217649cfeae6aa4e741c470d3b16d11a0c78dc7a66ec7","first_seen":"2026-02-17T15:04:52.286204Z","last_seen":"2026-04-25T09:06:41.0215Z","times_seen":1300,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/global-error-2870bfd8a75981b3.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/app/global-error-2870bfd8a75981b3.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 257\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":257,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"b9a1f9739cea566209a5d97cd6bbdf58","sha1":"23d3e0b04f270abae4738cd56edf40dcba207c94","sha256":"94bc684465b19b338426f3f47ee0f7e3f162dc01138340a20c4ab9bba9258120","sha512":"082430a5d2b35da80f04382cf4afd243fa7ae0ff20527605b3a62e183f53af51f96b7e8107985516c4834babd69fa7fb485b6e43def1c9b4d4347d54ae5fce94","ssdeep":"","tlshash":"8cd02bc51191bea874165aa955b4c835304510f7302ddcdee713ee2108a25a00351c0d","first_seen":"2026-03-07T05:32:19.751926Z","last_seen":"2026-04-13T14:07:52.37617Z","times_seen":1120,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/favicons/greenColorDSGN.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/favicons/greenColorDSGN.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1468\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1468,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"50679c0c5e3ed56d05c1d0ed312419a7","sha1":"f9ea27ac71a78da2d61e14b84ea77ce447920d9d","sha256":"c164e1ea36438d14fea9b88996d154275a4c92fd80bfa082c7e00a343f241147","sha512":"163d4097d60ecdcf58cd01ea828e74491b0e27fcf3d40a2e7c56e6c90042d6d9a9b6cb18825052caf8799836ad35a44c1c88ffd2c35ce5d888d23716c27dd0f4","ssdeep":"","tlshash":"a4312e9e77fea185f448e7f8023999b932d36cd33a04d8282bc00c02e98091e9c9588b","first_seen":"2025-09-26T11:40:39.971586Z","last_seen":"2026-04-26T07:30:40.274764Z","times_seen":6786,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/mix/landing_girl.jpg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_girl.jpg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-26T09:03:11.936341Z","times_seen":14218418,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/mix/landing_girl.jpg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_girl.jpg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/jpeg\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 78517\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78517,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1184x514, components 3","md5":"8d25c1c54ad4e4fda7a046718150d345","sha1":"040d0a141110b4931b44882a4a7f684c1d88ccc8","sha256":"396fd7d00555a14daf95d589cb71ca04832cb73a1f4d7526dfe1230cf289d24a","sha512":"55594743a12b9482a937157f0e70d6b72938d8ef197ba4592fb0be93af2aeb2c637a17bbf74a269a3074cf9dc5a95ffb86ba0b5580b0a7fbd353eb863369e0d8","ssdeep":"1536:5UoMN6p0PBEXSUrkj4srs72ZEsEsKuU/jfT7OxIlp:TMNw05cSUrUrAjvu2jQSp","tlshash":"2c730247ee4840f69c1d4cb47c961c6e7f602aad2d725a0d3b124ec52bc3b8aec7e456","first_seen":"2026-02-06T07:23:23.951452Z","last_seen":"2026-04-25T11:58:25.63006Z","times_seen":2160,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/mix/landing_zeus.jpg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_zeus.jpg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/jpeg\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 201878\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":201878,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2368x1028, components 3","md5":"28ddcc23e4d8be01380e65e823904d84","sha1":"fe6cf680ed934ce00bbff66393dd076b15184486","sha256":"ce31ce6181ee64d6d05347285c6b04765859159285cfd706b617e02ab2851839","sha512":"375fd38d2afd987610235da2f48799220b401b999f012bef5d83e079e3f6142bc425d5d78991f35c8df66c88999adbb165399bd5887da34d9e2c9c495d7d327d","ssdeep":"3072:PpZCDctONi+s/9M9EpUdbnP7uAj0Mc85RjRdr/qHrDIDzyiN:L64I99P5InGjRdr/qHrMDWq","tlshash":"001490038c1c8b97e52993e4bd530dac2f592b5ce9813aff05231ecb7e645265dae01e","first_seen":"2026-02-06T07:23:23.986859Z","last_seen":"2026-04-25T11:58:25.677403Z","times_seen":2163,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/countries/gb.svg","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/countries/gb.svg HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/svg+xml; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 1183\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"99a9e5571c2f5acd9cb910ce6a3f39a6","sha1":"876935939a01dae371583220f75bef15b5185c68","sha256":"5ff2f32ed6905d887f7d771029c1e65b1ef059e92260b548908cabb4e886bf19","sha512":"14cfeeacd8e2f9b67bf2e1f5b2823a98fc60854fca5afd0b10be72ad647ffd38aa4058188451c98e2045628706f0b84dcad508fa901ce146705102fed962de1a","ssdeep":"","tlshash":"ea2163c84370b5c059a74fba9f28a2dc924925f9ddc96ecd10be0538445ff5ed01f009","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-04-26T08:41:28.369015Z","times_seen":5246,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/app/not-found-fc9e14ca8a12ea1e.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/app/not-found-fc9e14ca8a12ea1e.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 57585\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57585,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (57585), with no line terminators","md5":"513754cfa2d91f1f4ec59f666e8e64f1","sha1":"e7c65abc2aba2a3b2a34ca6c818188dd6dee9d16","sha256":"caeb37f0127a0aa35cb44554fe861ad9f79f13b433a04e4ea1836634df96d2a4","sha512":"37d0d55820bad028c997def5d851dfb42121d285462bc8952db7b1182ea060a0a0f4ea6a3fe546a78d8f2ea423f307b305ec0c69ceea3cf14e801159bd669e75","ssdeep":"1536:k8cwg5kif2aMaiR6HKf0x0XEdw/BvD7/a9yOAS:mdw/0","tlshash":"3c4374ed5bb009cda88896ea7f0610bc373e41bab46d8928ed0d5d38a0418d5fe17fd5","first_seen":"2026-03-07T05:32:19.76343Z","last_seen":"2026-04-13T14:07:52.366565Z","times_seen":1120,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/39801.084c1265ceab40f6.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/39801.084c1265ceab40f6.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 108722\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":108722,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65270), with no line terminators","md5":"938a092ea2cdcaeae93ee6b6fd784f5d","sha1":"204510eb11b94c92302c6c311741622a1b09ed72","sha256":"7ed47e76a0f733ab1ebaf59b88ef5d3a6a671bf8c1af48ec74cd9cf01377fc7d","sha512":"e30fe668cf899f5e6aa789cbcd1cba95248be44ec02966e22bcb4cef06200e6d8c5fd243415b0d30cf697572bf5ea6b0d51a7142fa45ccdeac9678688efa8a48","ssdeep":"3072:pRrcfJstYNwTXVN16F+ZbBiliiyXnbAlHq:ostY5GAGbAQ","tlshash":"b9b3f80f420813f22f921202369f69deb72f515563668d6578edd03c234e9e9a23bbdd","first_seen":"2026-03-07T05:32:19.784979Z","last_seen":"2026-04-26T07:30:40.281628Z","times_seen":1406,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/css/d4dbba7cd4889f6e.css","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/css/d4dbba7cd4889f6e.css HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: text/css; charset=UTF-8\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 8912\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":8912,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (8912), with no line terminators","md5":"14fa61a011b8e8cf726630cf0206fc19","sha1":"6de38f0fd7d521847061706234892f4731ef9aeb","sha256":"3d0b8817a44a043ae48fc8ad7c8ecc03ad846be0e6628db6eb09f54740df9be9","sha512":"5dfa4d762937c8bfef6d04725dd4067f9259749ac738b0844f82d8b81a2e3ba847988785a6559b5fd2671ff4fc1f9f677e69d5a5c255f047fa4c2a4016531491","ssdeep":"192:SWJhP3QmRtK1Sr1MmGs4ir/MmGhxorc6UAPHjvhGTR9:ScQmzK1Hmz4fmfe","tlshash":"e902c93fb311a072414b4f4d8993af7a996ee186d7136a6ba0d4080cf3ce5d114e5edb","first_seen":"2026-03-16T20:04:49.237974Z","last_seen":"2026-04-26T07:30:40.247245Z","times_seen":1391,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/31684-5738d0dfaad74be8.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/31684-5738d0dfaad74be8.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 176077\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":176077,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"338198f53e9ab0bb77a7fc2f057a8540","sha1":"78e8deb3e3e2703d617dfbcbfca2e893eb3cee92","sha256":"d3844f2db215d099728ef83a3b5cb3cb82279b669b231f54d2cdbbd958949f1d","sha512":"62ba9ce051e6974c6c74745a4ce6b49badc145041893b048ef42f09f979d0e579928ff78b7aa8abe587c73799a890c26703566918003494a9d1a3062ac019889","ssdeep":"1536:3Hk+1qVc+dJWgclHHlU0ob8OeM8aZLoEAEuRaQ3aTcXH10nZ6XEL4ZXEoFUOnN/e:VqW+dJW9QAMiEuV36XZmUON/e","tlshash":"8b04b8b676d0f89107a780d5843b400af3395c3b146f74a0a3e6cce975645dea1b3faa","first_seen":"2025-12-07T14:40:32.389468Z","last_seen":"2026-04-26T09:09:06.226233Z","times_seen":8130,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/58211-d9d578b8de9e3293.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/58211-d9d578b8de9e3293.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 39725\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39725), with no line terminators","md5":"f7d84948f8ca0ff495e7533d0969b670","sha1":"3330c776cfbb7ea04d30b89a9686eaea35f24747","sha256":"2180eecb87df810a0f91771ce87e9c4f6e185e9011d00147eef0ca9c7ed750c1","sha512":"04a5f0711a52dd8bcfe0ea6d66662ed5e0a8610c8caffe461a8c8178f8f40e55b4c40c7ea11716a7dce1631534f5e22f9c5d86393e31835bcc686e4aa6254c85","ssdeep":"768:01KE8vZ7HInPlFvvb5AvexGRrxVP1fr4UK1fWbqYsCL1fZnK+jBV9YCO:0voWV","tlshash":"f20399866740a83d2587c16fd63a6415f3bf14ebb92f9390219aca3cf506dc0f5365e8","first_seen":"2025-10-16T04:05:32.927959Z","last_seen":"2026-04-26T09:09:06.24712Z","times_seen":8612,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/global/twq.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /global/twq.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\ncontent-length: 308\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":308,"size_decoded":0,"mime_type":"application/javascript","magic":"CSV ASCII text","md5":"7f4d9e824f13f7d27acdc868f36f7208","sha1":"125a712d37aefe5d3e52ce2ae8986e109eb473de","sha256":"d6768cdba372d919e6d9322bf3cf3a0dfe427d86293aaf16f23d096028a00a1a","sha512":"d6395459961f34c3efc4c55ffa6bd873fbf20cf9aab17d31ec926d7ff645cfb9ae0cfea469b98e0604c5de162b60eb1bfc7b06a6fe91e3497f3a4fb32d29c20a","ssdeep":"","tlshash":"66e0e7f12d093d631fa11374117f931f3143210575595b91d59cd540376249f8037b8c","first_seen":"2025-03-19T10:41:28.935479Z","last_seen":"2026-04-26T09:09:06.214141Z","times_seen":10541,"resource_available":true,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/greenColorDSGN/bg/footer_support_girl.webp","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /greenColorDSGN/bg/footer_support_girl.webp HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/_next/static/css/ce4a94f3f717c248.css\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: image/webp\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-cast-cache: MISS\r\ncontent-length: 57850\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57850,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5faac5f71c2e22c65bc69c285c0d3696","sha1":"fca1321d83571cd8e5cc3675251b7b1494657524","sha256":"9bdf3122176092018f424668f17ff2671b31372edca458b79c74cd9d499098e3","sha512":"2313bd524395624d329705b1f80dfbad7fe65729a4b5e02a2822ed990a6f9b0d78081b08210c70666d4b6076827ddd27948179654db24209eeb65cbe2ac9a5ee","ssdeep":"1536:MO09/ae5eKf1sIYm1Utg2OTeeydxh7F+euCxPO5U:69d551srmOTOTp+b3xPIU","tlshash":"ce43013c7ae9b930cda1243a4325ddd59c20c652f80b346abf9d86907224d7c9fc39e6","first_seen":"2026-02-06T07:23:24.013748Z","last_seen":"2026-04-25T11:58:25.621438Z","times_seen":2150,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/58172-2e2ad5efca352ade.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/58172-2e2ad5efca352ade.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 15156\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15156,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15156), with no line terminators","md5":"a9784916761bd2bbc76012952021d42d","sha1":"253cf85cec6b9a53b449d758e2d542a9a182bc23","sha256":"c0b7563919543117a0168d95e03a8812821df1f79a8bf094dadda24536660d92","sha512":"54d0abe66c6ec80868c406f1838ff8760bcae6758bd406c57e29d3ae842812ffb81cb315706c46e5d6a26e8bb80c7b1fc2787d02e360d635ebf22aad6c3c7431","ssdeep":"384:H74ml/FeOUGcg70p+tlof7VCEv/f2rVdVOmo778U/eWJV+o6:b4mldXUGZ0p+tl8VCEv32rVPOmg8UWWo","tlshash":"cb62a6d12b10495d3583ce7aca363929f2ef69ba393d57401168cb3cfd18ad4e6361e8","first_seen":"2025-09-13T11:18:32.621492Z","last_seen":"2026-04-26T09:09:06.244838Z","times_seen":8681,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/63712-08d55a4030f898f7.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/63712-08d55a4030f898f7.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 22721\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22721,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (22721), with no line terminators","md5":"614fe7514839a09db165d48ad01da840","sha1":"e492263f454db98a8cc2c89c777e5572e854e343","sha256":"4974bda3ce7194ae592697daaccd424e6e8e231bf15187182bf4d16522e9bffb","sha512":"7eee15e6bce48c5b1adfc53ecfd7492109fa6272d866622f055b91ccc80e8bb4e9fdc350413cf4282d6b85b13fa72188cc51445cf6eafb6167d149ad45af1b8d","ssdeep":"384:RSHQzwzI46bFWDyhQ1qqo5W6m4WIQgn1fy4GaQANJVOPe4+snOcT34McbAmrh/2:/dZsunDqNs/AFD","tlshash":"1aa2b449b9d1f47453a3aa51843f440bf2674ea8a05db8d8d367c9e5adb888e4073f3c","first_seen":"2025-09-13T11:18:32.286663Z","last_seen":"2026-04-26T09:09:06.23898Z","times_seen":8678,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/34230-e87c8d35c9fa1ab6.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:09.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/34230-e87c8d35c9fa1ab6.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:09 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 23047\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23047,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23047), with no line terminators","md5":"9b4900ae7910372c39f90a4ebc702603","sha1":"9a24a588c269ce9c3f57345c32fc19f6681dbc0b","sha256":"09f6962b4e78defeacf0013f19bf739d5427801904333b19f9ab4cf541db3440","sha512":"4a02c00c407ec0eee649e22031775550a2e27fd675d23235783ec11d04efda2480a219e318fbba5739af05b0bd575f5d6d94a5a5dd2db29a03b891b9ba3069d4","ssdeep":"384:05ae/t9qDM109qxJ7aPk9RqKIyoIPzM73I/AKIJ1L/7E48z/08zXvnL5/Tz7qt5V:veVwDM10wxJMKIKIy6IzIj/9KcKN/POB","tlshash":"b5a272c9a390993d2583c53fc635b426e2bf09fa753e534062a9c63df909cc4e7365a8","first_seen":"2025-10-16T04:05:32.834372Z","last_seen":"2026-04-26T09:09:06.251597Z","times_seen":8610,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rytowin.gl/_next/static/chunks/57796.e45f39755a070442.js","fqdn":"rytowin.gl","domain":"rytowin.gl","tld":"gl"},"ip":{"addr":"69.5.189.54","port":443,"asn":19237,"as":"OMNIS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://rytowin.gl/","date":"2026-03-20T20:06:10.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rytowin.gl","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 07:02:47 GMT","end":"Thu, 18 Jun 2026 07:02:46 GMT"},"fingerprint":{"sha1":"70:D5:BB:FB:BC:73:2A:85:61:A3:4A:A1:EE:B7:81:E7:6C:BF:F2:92","sha256":"DC:56:30:30:9F:E1:04:5F:CC:86:65:F4:9F:B2:6C:99:1A:E4:9E:27:1D:63:CF:53:E9:49:16:92:34:66:69:9A"}}},"request":{"raw":"GET /_next/static/chunks/57796.e45f39755a070442.js HTTP/1.1\r\nHost: rytowin.gl\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rytowin.gl/\r\nCookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800; cs-resp=8bcd2f1dd14b324ffd533efa1edc8426\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncast-mode: default\r\ncontent-type: application/javascript\r\ndate: Fri, 20 Mar 2026 20:06:10 GMT\r\nserver: openresty-cast\r\nset-cookie: cs-uuid=6c9632a92e8a3000d7f8f68651379800;path=/;max-age=3600\ncs-resp=8bcd2f1dd14b324ffd533efa1edc8426;path=/;max-age=3600; HttpOnly\r\nvary: Origin\r\nvia: 1.1 Caddy\r\nx-dns-status: HIT\r\ncontent-length: 32589\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":32589,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32519), with no line terminators","md5":"c24306889c066a0c6e45e5a719c217c8","sha1":"fcd9fec48774760225baf46e9b68349387190355","sha256":"54e16bb637371774001af0da9b7ef97c3ea54ed0a6d11d16a0fda0dea88b2cc1","sha512":"9447144ce13d74d63f080b3c10dafc8c0b37511d48498169ee13ab0f8bb21994e2f347f8d4deb66e92f9c409a1adfaec9636ab2a652de003415a7d10651ad7b3","ssdeep":"384:kuqCrrJ7sA6MdMuADbY/7lpbCWU4/RZRY+BJDnYDE0ycob034x3SUQXuzeAL6HxW:7F7sA6WXAInWg5rYMlYzyq4tYdlyBp","tlshash":"a7e2d70f430423b12b9212053f9e18dd772e916573128d5ab9ba916c334e9dab23bbd9","first_seen":"2026-03-07T05:32:19.77685Z","last_seen":"2026-04-26T09:09:06.237088Z","times_seen":1752,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-20","alert":"Sinkholed","trigger":"rytowin.gl","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}