{"report_id":"49ce72d0-d03e-491d-830c-3d0b785aa714","version":6,"status":"done","tags":[],"date":"2026-06-01T01:09:54Z","url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"172.67.184.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"title":"Xorawin: Most Popular Online Crypto Casino Based on Blockchain","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"172.67.184.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T01:09:54Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"xorawin.com","ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-26","domain_rank":0,"first_seen":"2026-06-01T00:21:53.467338Z","last_seen":"2026-06-01T00:21:53.467338Z","alert_count":240,"request_count":80,"received_data":9255946,"sent_data":36029,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/58172-2e2ad5efca352ade.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9784916761bd2bbc76012952021d42d","sha1":"253cf85cec6b9a53b449d758e2d542a9a182bc23","sha256":"c0b7563919543117a0168d95e03a8812821df1f79a8bf094dadda24536660d92","sha512":"54d0abe66c6ec80868c406f1838ff8760bcae6758bd406c57e29d3ae842812ffb81cb315706c46e5d6a26e8bb80c7b1fc2787d02e360d635ebf22aad6c3c7431","ssdeep":"384:H74ml/FeOUGcg70p+tlof7VCEv/f2rVdVOmo778U/eWJV+o6:b4mldXUGZ0p+tl8VCEv32rVPOmg8UWWo","tlshash":"cb62a6d12b10495d3583ce7aca363929f2ef69ba393d57401168cb3cfd18ad4e6361e8","size":15156,"data":"","first_seen":"2025-09-13T11:18:32.621492Z","last_seen":"2026-06-03T09:52:47.53318Z","times_seen":14110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/not-found-79dd159fdf7277cf.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c5bf0f0d0908f5be3891ea553a11b27d","sha1":"93f92782862029bbccf0f6aac5e2ff20925045e9","sha256":"5738c21b3d05ef39da1e2263476827c3d70678a327708c1d14229d77e643f4f3","sha512":"92526e8c0552a6d54d9a85ff6c9d58c9a320ff53786f01a12f6a0ec4014b12dbbeecd70387e6530bceed4bb5a9adb5cd83a342b2bd91cc6de6bb35c5fd9a3380","ssdeep":"1536:k8cwg5kif2aMaiR6HKf0x0XEdw/BvD7/a9yOA7:mdw/R","tlshash":"7c4374ed5bb009cda88896ea7f0610bc373e41bab46d8928ed0d5d38a0418d5fe17fd5","size":57585,"data":"","first_seen":"2026-04-14T16:12:13.082004Z","last_seen":"2026-06-03T09:52:47.52462Z","times_seen":6112,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/main-app-fef4a8898ec7782a.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c06acc17c28c2888a1a2466b0a0d12d8","sha1":"63d7278ad805cf6b27e6fb76daee100f7cc61afc","sha256":"90a949795e63ad10200d2f57df2706979fd66bd412caea2130a9c707e21c5d5b","sha512":"745f5cba8c1f8c006b2d9a1f8ec15fe3e66d7909766f446755243e1b63aa4d611233d9fa175bc9001bcbce4a4a782e79feb80846ba96f394b38c1ed2b1f3c2bc","ssdeep":"","tlshash":"f5f0fba55f0df42f5d266e74fd97ace2184f4275206b4e647d01dda23c67b6cd260408","size":537,"data":"","first_seen":"2025-09-13T11:18:32.65005Z","last_seen":"2026-06-03T09:52:47.506571Z","times_seen":14163,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d4f58df8ef556437633bb90cc31469c4","sha1":"c1c713bb5046a54cb79a8e7537b6d7fca624fd45","sha256":"2dcb2e50c883929aebb7a64a7a22cfe2260d856a3c36a6926c082da19c552b7b","sha512":"54c8a79f5897cd198db689700c24f950ad7fe19eed815f8bfa0e47428701d8c84a1fd8f677a6f1b2a4f1443f35f2dbd19e6f456ceeebfb1c59275bb356e1a5e9","ssdeep":"","tlshash":"bfc02b041427c47b421c6f4dc02243d4e4b020bcdc492480801d181800d0c313b40cd6","size":130,"data":"","first_seen":"2025-03-25T18:26:20.414558Z","last_seen":"2026-06-03T18:51:00.319956Z","times_seen":39321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a6e1178e4bbf5730bd664a49dd3bc24","sha1":"17c3ae3273f9de6afbbdedf2e413dbb3a6722792","sha256":"3814cddd18b2095e01abb745a99e5ada90178e709c09879324c3b623f2d829ea","sha512":"cfb1aab0bf589e33fd12906f448ddbbf7163420a088de513b174304c9ba3a7abcd9b41c98bc4dd51edd0206c1fe4660db9857e3c6163d1bf50c670cefddee509","ssdeep":"","tlshash":"de9002b090c39c5890264186687100160b6c040c01080141132184d810115048e40d8e","size":43,"data":"","first_seen":"2023-03-13T01:07:12Z","last_seen":"2026-06-03T19:50:34.928154Z","times_seen":151493,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/63712-08d55a4030f898f7.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"614fe7514839a09db165d48ad01da840","sha1":"e492263f454db98a8cc2c89c777e5572e854e343","sha256":"4974bda3ce7194ae592697daaccd424e6e8e231bf15187182bf4d16522e9bffb","sha512":"7eee15e6bce48c5b1adfc53ecfd7492109fa6272d866622f055b91ccc80e8bb4e9fdc350413cf4282d6b85b13fa72188cc51445cf6eafb6167d149ad45af1b8d","ssdeep":"384:RSHQzwzI46bFWDyhQ1qqo5W6m4WIQgn1fy4GaQANJVOPe4+snOcT34McbAmrh/2:/dZsunDqNs/AFD","tlshash":"1aa2b449b9d1f47453a3aa51843f440bf2674ea8a05db8d8d367c9e5adb888e4073f3c","size":22721,"data":"","first_seen":"2025-09-13T11:18:32.286663Z","last_seen":"2026-06-03T09:52:47.539203Z","times_seen":14113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/84382-094149ffbac5bc85.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1fa6d4c4a8645fc5f35221912f577f57","sha1":"ef2ffc801c41159d52042a1ebde5ac50fed927d0","sha256":"aad9fb33b8c691bf50441784813e52cf85b6cf3a8aa15f0e3d2e19eda206963e","sha512":"595ca6c19d7abf10254ac480d20ccc0a79e2afca626d3d9d1a71944dbf286865bf14bb0e38845e1d35cfb62ce6cc7e1a61f6839801588d073bbe226918cfd132","ssdeep":"1536:atXQ71wm9SM1ekDl8wzCBK2v3nwnVvZxy:uQ71wK6kDl8wzCBnvgnVK","tlshash":"e343b409c5d8dbf45b7e2fbcd5a9d5c7ea333369a0712eda6752c8a0174928c712082f","size":59024,"data":"","first_seen":"2026-06-01T00:21:57.232003Z","last_seen":"2026-06-01T01:10:01.847087Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/53331-cafd9ec77f422f5b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ffc2a9646f640ee24bec96371d8896d5","sha1":"43fb84011d63dd3ee53c4c5a6ed7bee651bc780b","sha256":"ee75b3f83f6bb1fe59b15f18a040463973036c403110a597b3e77b659b240fc9","sha512":"19765f02ce6babd708e5a582fce2a697188168486b56c78f66d75c7ad4d29e02371f839d2b967fa8094e949f2fa6de2e478d24e24b3150f0eb404dcef6fe63f6","ssdeep":"384:/bEM6MGSQhbWOoOSQ6b82p7X4WsIBcf9CkSfA9CM3ORBq5T25iaTuJ8jFNDtv/LO:/L67hSOoe6h7X4WsIBu9CkoA9CM3OTq1","tlshash":"63b2d7e993f4b6e0a006e3f8d607a8793a6e19fd7b32c95893d95c20c5910dc266ddc3","size":23606,"data":"","first_seen":"2025-09-13T11:18:32.113392Z","last_seen":"2026-06-03T09:52:47.517065Z","times_seen":14098,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/34230-e87c8d35c9fa1ab6.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9b4900ae7910372c39f90a4ebc702603","sha1":"9a24a588c269ce9c3f57345c32fc19f6681dbc0b","sha256":"09f6962b4e78defeacf0013f19bf739d5427801904333b19f9ab4cf541db3440","sha512":"4a02c00c407ec0eee649e22031775550a2e27fd675d23235783ec11d04efda2480a219e318fbba5739af05b0bd575f5d6d94a5a5dd2db29a03b891b9ba3069d4","ssdeep":"384:05ae/t9qDM109qxJ7aPk9RqKIyoIPzM73I/AKIJ1L/7E48z/08zXvnL5/Tz7qt5V:veVwDM10wxJMKIKIy6IzIj/9KcKN/POB","tlshash":"b5a272c9a390993d2583c53fc635b426e2bf09fa753e534062a9c63df909cc4e7365a8","size":23047,"data":"","first_seen":"2025-10-16T04:05:32.834372Z","last_seen":"2026-06-03T09:52:47.528617Z","times_seen":14039,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/fbq.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b834c87557376668b3c3fde729a8db5","sha1":"872448d973ce02e75d52b31641d961601167d04c","sha256":"cc63b490224b081fc3bef6a696dc3ecbe7ea7bd45df00c8a53cfe304e7bd5469","sha512":"1c40528c95bf8c5d60ebf3dba6df8ca43390e5239ea50ef08705e547c48635a1f399f2f9d7207b4575822d2ce3dfd6e2b7ef7ee3b431255837cf2545ea5ed4c5","ssdeep":"","tlshash":"e7e0619f2c43b42733e97639c727a67b3763070178c2d919ba05c8151fe08966c96d9f","size":408,"data":"","first_seen":"2025-03-19T10:41:28.92776Z","last_seen":"2026-06-03T15:09:18.09684Z","times_seen":16144,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/58733-c5eff74fea05461f.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"608213cbae5946f55bcf6e3e236643d8","sha1":"e6181592f15a748e4b0e3a86966dc1cfb5d508e5","sha256":"dbbc5742780c4bcf13e1aa6afe878f0beb77154dda969c40b074b762a7afbbdc","sha512":"22e77044234d9e0b1b4cfa606b0cb04a83d7492edd1392a1880a984adbc4742f98397845f91d4a09f49e0ff4be85d190e7857113b818a5125c39ecd965504cc5","ssdeep":"384:7ry4eoKi6rba2BN4eofEPu2jQi/Q8nTREBJ6F5ACxKv82wfLba2B44eowGJdba22:7DHiG2Bkeu2ZQ8T6BJ6F5ENwDG2BZhJ8","tlshash":"498286e5e3ca73d0e10af7e44116943c3b6b21fe2b36cf584b9badb0a61549c654adc0","size":18872,"data":"","first_seen":"2025-12-05T05:01:35.743711Z","last_seen":"2026-06-03T09:52:47.529189Z","times_seen":13527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/73345-c6c417d67f761339.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb597de485c3029dc93b6f3225acc0d7","sha1":"d3a6bc9d6749ea9f0ddd1b1862c90303f3ec3254","sha256":"3513d69dd757c29044eb92ab6a908ba6755e0845c38105ab2e196b0c75b96583","sha512":"1420716788ac11ed76547147942bdf2329c1bcfe8770745c3bbce32f99ca5c5866e20253ced9e0ebc4597003f7404825de2b601f8d24b5c2fce1125eadf0ad63","ssdeep":"6144:bV5sFqdfuGDdF0pL8sS65eILs3QKQmiOB0lDz:bispi9mVB0lP","tlshash":"ef644a9c7682b474939b016a807f0107f37e2d57240e4824f270d9ee7975e99a2b7fb8","size":325834,"data":"","first_seen":"2025-10-16T04:05:32.880573Z","last_seen":"2026-06-03T09:52:47.528048Z","times_seen":14077,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/51096.d5d2efd398115952.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3c132e70a3cf169a2eca9d5a55ebabe","sha1":"b4ca48271ad20555f17c11a3e9b0acd351771222","sha256":"a756eb284f53f6210c994a6890be5af55389875c0baf7789c9bc5e555bb69f5c","sha512":"e24b666010f17d7bb5c49ca0686faf3670ebb34d1139918c87b98e22274e9951a46fc21dfad095ca07f6775ef978e8640f3b16f237dd7aac4f35cec9147476a9","ssdeep":"768:bt7hsk89UGTrNgELQFENRIP4TVNUuXCEth:bt9sk89lTxTQ4IP4JauXph","tlshash":"41f2d80f460c22f13b9711423e9e1add776d65147712c87db9aa816d338c8d9a23bbec","size":35333,"data":"","first_seen":"2026-03-07T05:32:19.757389Z","last_seen":"2026-06-03T09:52:47.540891Z","times_seen":7179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/39801.e01872e3fd4ce998.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a256619c7d126c5f94a778e4cb0e1f9a","sha1":"0bcc2f275701e748cd99ee1b74e08332e54465f0","sha256":"9e264fd41ff4eee9bd187c5c900cd97ac15416526380e97e8f2815f342b62e0f","sha512":"469268ea61e3ede751a9b6b6920c9f3238622ae5f736d009f11d9b80a41b20b25e739685e1a99d4dd86e989dfa40518f440cbc86674f603317a079715f35c5bf","ssdeep":"3072:pRrcfJstYNwTXVN16F+ZbBiOiiyXnbAlHq:ostY5GVGbAQ","tlshash":"28b3f80f420813f22f921202369f69deb72f515563668d6578edd03c234e9e9a23bbdd","size":108727,"data":"","first_seen":"2026-05-20T18:47:35.40812Z","last_seen":"2026-06-03T09:52:47.540331Z","times_seen":959,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"781124fef51d171d1bf6a4411089b58a","sha1":"8ea6d4228d0524e13eff6f30d0688eb9d618a511","sha256":"48a28e4d8891363484ec6667451330343e9c52cffb342709dcafd7ae78e23c98","sha512":"cfa46a41589e37c1434b4375f54d5b59611d6be86a03419d6ea575fe2c7af81508f7db520439fcb360be2f7f6ffbb962a28c0aa90f0b5fb38f7984d64ba55e82","ssdeep":"","tlshash":"0641760f7249e8963cb2de1b55332f36d88ddc774239e168e61de9ab115297f830c905","size":2246,"data":"","first_seen":"2026-05-11T05:33:21.760265Z","last_seen":"2026-06-03T09:52:47.549363Z","times_seen":4810,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"45e61a72d1a6f2fd55f54167fed00d8f","sha1":"820e3b38208a272a4962dfdae8af71628bf8c459","sha256":"203d260673e116cfe93a5cba90bba1155c7a1c0b9ee478e4a335ee304773f3dc","sha512":"25dd38826c1f5813777abff6ba60bcb75208a45acd474893905ea6be06ed81b7eebc8193fe73e46786828e1711fa19cb10b5771b441af53316ff451a935fb6c6","ssdeep":"","tlshash":"f5016d5de545f8a569718e1f042e0e29d58cc9bb83b8906ca2ace9e79252a7d0748881","size":803,"data":"","first_seen":"2026-05-20T18:47:35.436179Z","last_seen":"2026-06-03T09:52:47.550214Z","times_seen":999,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15510eac41ab1d5ef4d07adf66470336","sha1":"af7eb0a2168918b5999e83b71a10ba52809f38df","sha256":"e5b9e2570593ab1e59ae6a397baec8491e4c3d5e4628aa1439940ac0e2aee2fe","sha512":"116e3ef82cb1608f729f9731bf3ba61a1a75624fec0adf57d0536e5f7e1abae6c939e93af5bbde399079cc1634b5ffda250a76f08571d2e30c88eceecd05b22a","ssdeep":"3072:btfjLiM+NFCC4YQbCCAaI/02UHCgwLRE4:btfj2ld4Y40fUHQRE4","tlshash":"0df3f7e83d99e2116eb342a7109f2803737c262b240d4c60a615fd9db5b845bb17bfde","size":168420,"data":"","first_seen":"2025-06-09T17:09:55.347659Z","last_seen":"2026-06-03T09:52:47.518638Z","times_seen":14188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/webpack-61b4895fb3a2406b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2107026434b2239725ce96e2ac18d34a","sha1":"b83fc577ef8cdfbf23010ac0236f5693ced39c27","sha256":"3850530ebddc63ccc8da193345379891146bd39418c19bc77f146175f14378db","sha512":"f36d0c5df43394788fead75d029e8a7a37267ec5ac0ae29ca6be32496b1abd15b88dd7666eeb3cb04b69e9badbcd2bff0750bbf4fb11c2b1afb5322d82c05743","ssdeep":"768:++ybMHFdgJVhQskYzZujragyk/TlZeCPuLhO7/outNOPUhMfcJJF:0bMlarpLV0ragnZsCChODouWcMSJF","tlshash":"a2c239bdb31cecee3c3005c6ac5224f46914b1227c464cd171dae77a04b6c79a76afa6","size":26740,"data":"","first_seen":"2026-05-20T18:47:35.405271Z","last_seen":"2026-06-03T09:52:47.512706Z","times_seen":1000,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/58211-d9d578b8de9e3293.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7d84948f8ca0ff495e7533d0969b670","sha1":"3330c776cfbb7ea04d30b89a9686eaea35f24747","sha256":"2180eecb87df810a0f91771ce87e9c4f6e185e9011d00147eef0ca9c7ed750c1","sha512":"04a5f0711a52dd8bcfe0ea6d66662ed5e0a8610c8caffe461a8c8178f8f40e55b4c40c7ea11716a7dce1631534f5e22f9c5d86393e31835bcc686e4aa6254c85","ssdeep":"768:01KE8vZ7HInPlFvvb5AvexGRrxVP1fr4UK1fWbqYsCL1fZnK+jBV9YCO:0voWV","tlshash":"f20399866740a83d2587c16fd63a6415f3bf14ebb92f9390219aca3cf506dc0f5365e8","size":39725,"data":"","first_seen":"2025-10-16T04:05:32.927959Z","last_seen":"2026-06-03T09:52:47.545541Z","times_seen":14042,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/twq.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f4d9e824f13f7d27acdc868f36f7208","sha1":"125a712d37aefe5d3e52ce2ae8986e109eb473de","sha256":"d6768cdba372d919e6d9322bf3cf3a0dfe427d86293aaf16f23d096028a00a1a","sha512":"d6395459961f34c3efc4c55ffa6bd873fbf20cf9aab17d31ec926d7ff645cfb9ae0cfea469b98e0604c5de162b60eb1bfc7b06a6fe91e3497f3a4fb32d29c20a","ssdeep":"","tlshash":"66e0e7f12d093d631fa11374117f931f3143210575595b91d59cd540376249f8037b8c","size":308,"data":"","first_seen":"2025-03-19T10:41:28.935479Z","last_seen":"2026-06-03T15:09:18.092985Z","times_seen":16138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/57796.e45f39755a070442.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c24306889c066a0c6e45e5a719c217c8","sha1":"fcd9fec48774760225baf46e9b68349387190355","sha256":"54e16bb637371774001af0da9b7ef97c3ea54ed0a6d11d16a0fda0dea88b2cc1","sha512":"9447144ce13d74d63f080b3c10dafc8c0b37511d48498169ee13ab0f8bb21994e2f347f8d4deb66e92f9c409a1adfaec9636ab2a652de003415a7d10651ad7b3","ssdeep":"384:kuqCrrJ7sA6MdMuADbY/7lpbCWU4/RZRY+BJDnYDE0ycob034x3SUQXuzeAL6HxW:7F7sA6WXAInWg5rYMlYzyq4tYdlyBp","tlshash":"a7e2d70f430423b12b9212053f9e18dd772e916573128d5ab9ba916c334e9dab23bbd9","size":32589,"data":"","first_seen":"2026-03-07T05:32:19.77685Z","last_seen":"2026-06-03T09:52:47.521773Z","times_seen":7176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/(landing)/page-cf1007999f8b07f0.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"48ec96abed84d1a1e0909289298bc198","sha1":"fd92b05ea9219b290f05bea0269e3634b3d94d16","sha256":"e42150fa3fff976c803e5c48671e5c22ca37d7a02dbe723bc59b0e1c531c2e21","sha512":"e3a686177e8f6c1fe0cf844ab671318c3ed3a2b52030fe46a15eaaf9e4c7ac4b934f12f6bf71c1b815295e46a9be8cb04518539ac915757990bc6aeee59a6f67","ssdeep":"384:+Saddq55XGydqhFoSObqu7zYOJV56GchG:+Sqk5WWWoSObqQJV56hG","tlshash":"aa62a741e254daacf45394adc32e903d326f2599d65e8570f8fd9c3461094c8fb2bb9c","size":15208,"data":"","first_seen":"2026-04-14T16:12:13.069164Z","last_seen":"2026-06-03T09:52:47.510011Z","times_seen":934,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/global-error-884c85b40e4582c6.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f464032672c337bdea8b237c7d05b702","sha1":"1cdbf7312029374f51084e227c35c72cf4faac6f","sha256":"3ca5c4f015655b1f2e26748722813831cb576b3def592ef586a979ec3d51fcd1","sha512":"10ce4756e8a30584054c01bdd74fb68cce256d96ad3d119f06b93d62558a8c16992809d6dc324beaf792a5b78e3e237a0699fc707da94c95c8060b47b43d0c08","ssdeep":"","tlshash":"2bd02bc511817da874161a6955b4d835304550b7302ddcdee723ef2108a25a40341c0d","size":257,"data":"","first_seen":"2026-04-14T16:12:13.061771Z","last_seen":"2026-06-03T09:52:47.53632Z","times_seen":6110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"308eb51ef4dbc56e717de160d03e20aa","sha1":"ac7252433892d60dd5dfb6b256f61376f91153d3","sha256":"8b4f01fdcf76d2c1309720e65c492c8ce8de739a4c707b014b8fa5271d13afa0","sha512":"68b70f3053aa407d697637728e247c117c584eb3887e12a399e4f6af711395a495161d6863ce74d020df057b1bea3d49d681ba3628ca7c6b3edc28df6284db76","ssdeep":"48:LZMxbQVoWnnBn6V0G4cqYC/lyUnBn6N/y2zp7FqYV+pEYET8bNG4Nqrb:LegBmH4PEa8/zpyET+444","tlshash":"6d91041e6805ce0bdc7e7d69023d8d36a0cccebb8761aaf4818ecf581a5687527ddc91","size":4591,"data":"","first_seen":"2026-05-20T18:47:35.437203Z","last_seen":"2026-06-03T09:52:47.552241Z","times_seen":967,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/layout-414e3e65ac0c109b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"da0436ea5a84ecfb8d9e14acee81e33f","sha1":"a25ba244b91fa5b8e9d7c53f260f2ff930c0e474","sha256":"337924b21e041c6d14c3599fa10ae6f890cdd6cf595d7466580388c946b426a9","sha512":"894cc5833f927927eb1c72f2abd7ac17666bce0915ae99448c641f1e1120ce9abeec6a78fb2a43a33e60c46ace40245ccf798bf1ba2264f078ff4799e1ece205","ssdeep":"192:lTUQUBoSCqdIpNRDvf31/wZbMdyeTJzTF5zb6:lTXUyc0NloDeTJzTTm","tlshash":"6022b611b484fcad0be3c89c9cafca08916e1b16d8a8847f9f1dd62910b295df175b1b","size":10497,"data":"","first_seen":"2026-06-01T00:21:57.196239Z","last_seen":"2026-06-01T01:10:01.88728Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ea234252cf1b2b586dc3769b37731f4","sha1":"8c7da62134c910ecd2109f07c52fc5efc49c1bdf","sha256":"f3969143ccfd1630eb2125e22ae9498f34a160a82856948fb0b413aaf0485844","sha512":"090555a54b1438d84fd8a7e4623d5c5014da7d9fdf385f780fc7922aa2914b2e4d74bbf38f9a46cbaf13bc26575bed2b6d1017ea885c75fb3cd4fc5c5cbb5d31","ssdeep":"","tlshash":"ead05e29a044dda6ec2e7956183dbe3b209d608f4498dea466c4ce284992a3a3342dd6","size":252,"data":"","first_seen":"2025-07-07T02:40:27.405169Z","last_seen":"2026-06-03T09:52:47.55296Z","times_seen":13679,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/53090-a64743b05c92b22e.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15925877203605d5f2355beb36d57347","sha1":"17da103edacb7e181adbf9304938d039a200c1d7","sha256":"a986f72fb7dc330235296b864ba0f244f1126b2eff777b8a13ae36875dc96157","sha512":"ad516778c2e0dcaa482b03f5ab7a44fea87ce340ae85aba921277db245d9e6c5a49f70a27eeb99b6bef662c873647590edc83e75c63116c4e456045245b91568","ssdeep":"384:hC/SLOZgztFl6pfisYkxdZEAXtwdt4DvWmV9PvTLsb6r7/:Y/SCZ4Fl6pfisYyZEhdt4yIWbU/","tlshash":"0862c6e0d362fad8ed6785d5f12ea906b11f2f988b19c074f6b85c2053181c4ba27b9d","size":15666,"data":"","first_seen":"2025-10-16T04:05:32.826709Z","last_seen":"2026-06-03T09:52:47.516538Z","times_seen":11948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/92148-887f80f44d59d305.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c6501be806cf1fdae07f7147e6e32ed9","sha1":"b46315e1e07d5c32e6f2185e25c453902013fa4c","sha256":"e897f0138e8011ec20fdf4ac0b924c9d3edcae74328a9700f502563b25897bd3","sha512":"9fb4560bfb3491d7afc719f71260e56dc3a2bf71d2c1104251901c02eaf7a2d0a9d249d90b51e3831ce7b66e7ef81603dcee6c97900ffcffc51b8e244493e1d9","ssdeep":"384:DLZQxW+19Vd6J4FU0Zs1Th/ndpRqgG4gjbI3/ovs2GK/sYp3wm7GjUWybgAKJ7r2:JQE+buJZ0y15dpRk4y+gt7/sml7GAFsg","tlshash":"b482d89da3e6a5e8f003e3f8835bd8353aa72df57912cc145beaac21d51109cb4a5cc7","size":18801,"data":"","first_seen":"2025-11-16T06:53:31.12293Z","last_seen":"2026-06-03T09:52:47.525188Z","times_seen":13615,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/82849-35d68a185f8daedd.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d8603d8e0135f562bf9ab67325e9b3c","sha1":"9d631773a5b4011f66b9e5fd568e61712607b308","sha256":"d9eb7914de9899abfb7a33535e716c0fde37e67449d390778c8ddbbc4641b020","sha512":"db9398a7771fbf68e94f48c2868a1a236fe367c553e11ebe05d2552d0d2cfbe2b314d3463d7e314deec6b3fc910660aaad9604a7f9827057298c2c1c0167db9e","ssdeep":"1536:4UcXlryCtX55mQPVpmsuIurLJmvU340MLsUDG3BZN2EaZxVcGR5c7dhP3Whj21ma:3+s","tlshash":"b904d5debba0a2f4f005e7f8d7124468366b39fe6e52ca68c3a91d15e90108cdd59dc3","size":180626,"data":"","first_seen":"2026-04-01T07:30:57.189898Z","last_seen":"2026-06-03T09:52:47.513235Z","times_seen":7007,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/73943-1d520689248da833.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"64fdc139b6af1827fd601b07f4d24c93","sha1":"f5334e0e066e0af0988c94df23bf183f2778065e","sha256":"b361383c57269bca223d9ea22ec134e581daeac429aafdc1f552ca59ee874427","sha512":"0837b4c6708be4cb7ebc64fc988ead1ca13ab4eab7236451be56a9fb14b1de983d427230ec1a4e3bab1d95229b6ebfaf2f31ac9893d1a5553802d6e3d35741b3","ssdeep":"768:T5poCFrHcJfP4gFxZePqxkKZoesmsb4xvH+k+BtJ+cIDGQwJ9IEH6HxHRzZASR/0:TALhZLD+tPIRA","tlshash":"a34383dd4bb019cd6dc49ae9bf0600bc363e92bab069882ced4d4d3850458d9fe1bbd5","size":55294,"data":"","first_seen":"2026-03-28T13:42:32.426354Z","last_seen":"2026-06-03T09:52:47.517586Z","times_seen":6503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"336ecd728aed34847fe284a71a7633c8","sha1":"a44bbef2d7c610fac04b162558fbf8067bbf19c1","sha256":"298a83badcb2a2143eb6a35e2e5a3c9434d72df7ed059affe563666e94be8d49","sha512":"da1c0a1f4eca0e9698dd2642bdca47431095ccbed7fae407b56425b390c721fe7f16beee5fbd6b09d5655f1aede3cc59b123a51ff7818eec82daea4e2a286e8a","ssdeep":"","tlshash":"f2800470c4400c15c031545334747105017d400d000007005350d74450531055d07dcf","size":34,"data":"","first_seen":"2023-10-13T21:48:36Z","last_seen":"2026-06-03T15:19:58.744349Z","times_seen":14615,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6e40895f7fb0de70293369d8a10140dd","sha1":"93abebd7b0c60f5caa53a7e548b8974e81f3457c","sha256":"226dfb7ba8f5754d074dc64989ceb6bdb461f2f73bf0007a79a0aec7c92fe3ed","sha512":"94da220f08824723ff91b69d41c18fd55133919d6874e33f6cefcaf4b5c34b7b90fee566deb0dbdef95e51bdb3435a552f4730a11e21cce57da2bdfc16f97e2f","ssdeep":"","tlshash":"03d02b91dc13dc0dc3970f25183f1c3d31cec6641205924be884c97c5981e3409f0dc6","size":277,"data":"","first_seen":"2025-12-05T05:01:35.766262Z","last_seen":"2026-06-03T09:52:47.554133Z","times_seen":11331,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/56060-72611dc1ca384f99.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6685f1c3cdf6f0d1227ab2b5af23a056","sha1":"491d91380ba5da6dcd5027bd954e6fe11103b18b","sha256":"237ff25124f0ca73e06c9e1d59caadd016273fa9b5b6bf211c991cc8d34d1b92","sha512":"6667f2ba323afce441aa6e23fdcb8504dfeda05286da37d594827c605042ba88ddd7bc5c6ec9565109d4a0ad4ddc9f8cdde4ca22cbb9eb8122b85ba04bf1d0b2","ssdeep":"192:/ztywjuim2pZQizyySL4tLg6SpiQhQ+YmzSRAz21OfsuAAuaSXCfb+e:/z9juim2xWySL4W6STYmzSRA61gEC5","tlshash":"4622ea847260793e1547866fd1be5516f27a292e382ed25433b9c83cfd21ac85336bec","size":10031,"data":"","first_seen":"2025-10-16T04:05:32.850927Z","last_seen":"2026-06-03T09:52:47.532611Z","times_seen":14084,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/dc112a36-4dd9553e3950a789.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b0312e3e2ff7226227ee081f6693db1","sha1":"823c7003795d9623f8992900a6f337f599bb7eda","sha256":"dccd0125f7ca7c6c5f3f8ae7d813743257cb55899fcab2d63b70fdf06b2a05e2","sha512":"612eb966b9409ee719588a9f82170d4d6c9b5c075b85981a1ac0dc0fb8119997de7f6a139ba2908d7ccfe0ab342f452e39ca15ec3d9fafdc1c2a7d36cda06d87","ssdeep":"3072:Hbyz4KjrqQmINGbpJGDc0Lf1c/X6Rpbdt0myoQj7sOU1IMi9wD5yojt:HijOQmINGbpJGDc0Lf1c/qD0erI5BEt","tlshash":"295419597254343805c540a9906f094bf736292e246ac49cb36cf4efa8bdecd31beb79","size":305838,"data":"","first_seen":"2025-07-19T01:07:13.417114Z","last_seen":"2026-06-03T09:52:47.532043Z","times_seen":14170,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/30731-b4906d3166248ccd.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a278de30bdaee7c2a859ec4fe00720a5","sha1":"dfee7e7f7f6bb86b057a87c026fe85debcf3ff9e","sha256":"f1b31f7cc90eae6ec6abd1c9b5e2cab892957933851bdc043acaec409ca136d2","sha512":"77f9c98385a0189d3c4ac23bef30048bcab4c2915cda68f96181e386575b3e523fb4d6ad1d1b99f6dcc89b18122b8e0548ee2628d6f8d948571592754b9ff4e9","ssdeep":"3072:92ydhg+1uKewJ0Byiw1QRi8B6a3bmicWAM7c3jiPYFEcFBKKMhEmDhwZ8:92ydhxQRB0Dz7vMKmDmZ8","tlshash":"bd15b4985bb553fcf405f7f48a2ba4b43f6a38f67a42c4b8c3a91c15d4520ad89a5cc3","size":935432,"data":"","first_seen":"2025-11-16T06:53:31.123844Z","last_seen":"2026-06-03T09:52:47.535712Z","times_seen":13638,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"78e1a3a504cc7b70d1d89a54c8f955e8","sha1":"61a85d58e91d014c5881e92ec6202278afbea0bd","sha256":"39ec7f42a7f61a97a75bb80a1f477373f73bfd5523ace91dccee0dad40f6f604","sha512":"c2ec680737fbaa3cbdee7ef9f990b82dc5cc63c39e8b5a3b30fd400e5a8e91de8ef3892439e05065990ca75f06e0d78d52995229aea5df913cb22f2a32b14f2a","ssdeep":"","tlshash":"aaf0d373ac10ee0285a56e18187acc6430cc896a82401799ab74cd1f159e17dddb2d95","size":630,"data":"","first_seen":"2026-06-01T00:21:57.284504Z","last_seen":"2026-06-01T01:10:01.918004Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/36860-0a9464d566324679.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ebed528d50f9e0657df76bf19dbe2ebf","sha1":"a745c8cac0f897a2e288bc643ba629bb89df2609","sha256":"f4ff2580f3ef611ca05990dcb937f89c700e24833b675e4039f569f79cc4da76","sha512":"8d0b8b70fcb7c71739ed7ed80ac98ec09aeaa478324288358e4c3f9622198dff8ed0d43a17e35e02c00537fe4d11c8d68a1fc9a60548aece0b1489ef3d3da6fd","ssdeep":"384:5mkM82Xy7PBRB7/z06STNN8txdOTTpPNUp0icpUAHEvDBUgf99Kxe2/KtyTnVfdA:UkU2fzuT778bwq5mL7TY","tlshash":"8092492b68365877a6d7bc748cae504c596fd24ba329089e773cef7404871ac394b3c9","size":19669,"data":"","first_seen":"2026-02-06T03:10:14.100987Z","last_seen":"2026-06-03T09:52:47.539769Z","times_seen":10635,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/67369-222f9a02bd61134d.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2d0f562c7d0aa123fc3b9110ba41409","sha1":"f8bb86ad9fcaaa9e6ba32d21119269d241b07992","sha256":"d814d64b251229e3895cc3d5c3c489f46e7a104b067562ca5512cfb197a2c9fa","sha512":"8b59f7093d20c00b2f06ef065a8429b308c7e09c88ac86f78afe14cf0fdf667b6c3e9b87153d14b690112863830a4ce309b2a88d55eb5f665aaca41133a7b57b","ssdeep":"24576:sNgvIh/V45VPyzLW3fx2/cp6lKxivBIVV/7x6XomFnoMBnxBqym/cpXlKxUvBIVh:V4G5q3/eIGYo6Ymk/eVGGo6YmC4MOqZ","tlshash":"a636931c8b6601fdaf586d81ca4770658fe286536fd789fc9abb7e104bb069f0301e61","size":4883419,"data":"","first_seen":"2025-12-13T06:46:52.602302Z","last_seen":"2026-06-03T09:52:47.551509Z","times_seen":13084,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/44638-22642ed4434648b0.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d0cfae03cd8f321178546f3d44bdf0b","sha1":"d952755162717e7ffadd30a573f4691a19b643c4","sha256":"a80e2f887fe98f5dd1f607d951147f5de620031519c6419ed1fb86e7b6621686","sha512":"56bf305f3b03e0fe79351d4cbfe166bc57557cdd91f72f22b3e967109e1a6f898528a59e5277c857fb69b465ddefaad1e500469821adc64dd225d1ada5986532","ssdeep":"192:e2weKRHbhH/3MO/Y0HURLDJYvYgcn/rNfI21OYR5ZAGPnSwpgy4jdzhJvkC05:/wd/MRLDJGAnjNfF1NVSJZ9y","tlshash":"00123c90b150797613678a62e1ff0706b33b845a5c1f84acb5b488456771e8e01fff9e","size":9855,"data":"","first_seen":"2026-03-07T05:32:19.773264Z","last_seen":"2026-06-03T09:52:47.524056Z","times_seen":7232,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/53069-bc2f18ad589424b8.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"107cb75a0c53987a209e2e7a8951b55a","sha1":"e8f418769d1d1f2858e2962b291b49ef960e6026","sha256":"34a6db6410f88a7b41716feb828d1982400a702e115250fdb6cbd3a5a618390d","sha512":"325008b525fb11dd0404a45ff42c54c4fce64f5abbc62231131f00fe7053ee9b626f32a7c63b1cfcd26b04ae6b65a99e93b0df665d9a992664c4766827b580a8","ssdeep":"768:9VFYbMnfiNkuGxL2umLBbPEOSQ7Lhkd+0xiFxVuxMgCIw/A33SUYq31kBVVLLEhx:TniNkDe52eh/oVkZL9DxFW0MSdUTB","tlshash":"42131a88633593e8f1c065f8d217649cfeae6aa4e741c470d3b16d11a0c78dc7a66ec7","size":44317,"data":"","first_seen":"2026-02-17T15:04:52.286204Z","last_seen":"2026-06-03T09:52:47.50722Z","times_seen":1902,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eeb148fc570d2378a9f4fb4cef9277e8","sha1":"f15bcc479e6192f1c27e2c50e9957c34d69e1dc6","sha256":"28e0352c26286fc5b9430539a76f6e36d0f8ade3679fef2b830ed3805fb8b690","sha512":"0d5e4e9dc24973836af109e4586ee36dfa759ed54863e94049c0c21323043a57cc61354a7d5016b098e269eaabf1fe4be8e76ac9b487c6fe54177f0e396d92c5","ssdeep":"96:XZ8Q2TeV9GCuyzz3qZqCLXx29Hn5G9UV3aQ+7XCrUBTCUBTVy19GCOsY89GC4b6:p8Q2TeCtiz3Xqx29o92d+7XCrUIUvV3g","tlshash":"70c1a5b7b6c5fdb2565688d088378207ba503d37205fb480a7facce53169dca44d1f8a","size":5634,"data":"","first_seen":"2025-09-26T22:32:24.049018Z","last_seen":"2026-06-03T09:52:47.521249Z","times_seen":14117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/31684-5738d0dfaad74be8.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"338198f53e9ab0bb77a7fc2f057a8540","sha1":"78e8deb3e3e2703d617dfbcbfca2e893eb3cee92","sha256":"d3844f2db215d099728ef83a3b5cb3cb82279b669b231f54d2cdbbd958949f1d","sha512":"62ba9ce051e6974c6c74745a4ce6b49badc145041893b048ef42f09f979d0e579928ff78b7aa8abe587c73799a890c26703566918003494a9d1a3062ac019889","ssdeep":"1536:3Hk+1qVc+dJWgclHHlU0ob8OeM8aZLoEAEuRaQ3aTcXH10nZ6XEL4ZXEoFUOnN/e:VqW+dJW9QAMiEuV36XZmUON/e","tlshash":"8b04b8b676d0f89107a780d5843b400af3395c3b146f74a0a3e6cce975645dea1b3faa","size":176077,"data":"","first_seen":"2025-12-07T14:40:32.389468Z","last_seen":"2026-06-03T09:52:47.531468Z","times_seen":13565,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/4bd1b696-ad7506e6ce5b48e8.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YSgXHPvPfyiXiBkFZL35KINnO4MarmZeKVuSsIppEbyHpSfZVvjHZ8ZDTWwhotQ4z3Bbv%2FsscYyZLM2n%2BzYkmoVcL2JPt1sCErEk%2FrJJ5qd9G4BXaF1mc8W9OJVv7g%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554aad6c568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168420,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"15510eac41ab1d5ef4d07adf66470336","sha1":"af7eb0a2168918b5999e83b71a10ba52809f38df","sha256":"e5b9e2570593ab1e59ae6a397baec8491e4c3d5e4628aa1439940ac0e2aee2fe","sha512":"116e3ef82cb1608f729f9731bf3ba61a1a75624fec0adf57d0536e5f7e1abae6c939e93af5bbde399079cc1634b5ffda250a76f08571d2e30c88eceecd05b22a","ssdeep":"3072:btfjLiM+NFCC4YQbCCAaI/02UHCgwLRE4:btfj2ld4Y40fUHQRE4","tlshash":"0df3f7e83d99e2116eb342a7109f2803737c262b240d4c60a615fd9db5b845bb17bfde","first_seen":"2025-06-09T17:09:55.347659Z","last_seen":"2026-06-03T09:52:47.518638Z","times_seen":14188,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":79,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/84382-094149ffbac5bc85.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/84382-094149ffbac5bc85.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=w6HgIQHCf0aw65A3QFL7y%2FhoHpSrjfk%2FF6%2FG7bM8aavEByqctx2e77CTDxa8BQGspa5YzBsENkuHLobbhACAhLLkI42fRcip%2F1NlX6J%2BI2Yo65UWv6G%2Fe5dAnM6wKw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd8a568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59024,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (59024), with no line terminators","md5":"1fa6d4c4a8645fc5f35221912f577f57","sha1":"ef2ffc801c41159d52042a1ebde5ac50fed927d0","sha256":"aad9fb33b8c691bf50441784813e52cf85b6cf3a8aa15f0e3d2e19eda206963e","sha512":"595ca6c19d7abf10254ac480d20ccc0a79e2afca626d3d9d1a71944dbf286865bf14bb0e38845e1d35cfb62ce6cc7e1a61f6839801588d073bbe226918cfd132","ssdeep":"1536:atXQ71wm9SM1ekDl8wzCBK2v3nwnVvZxy:uQ71wK6kDl8wzCBnvgnVK","tlshash":"e343b409c5d8dbf45b7e2fbcd5a9d5c7ea333369a0712eda6752c8a0174928c712082f","first_seen":"2026-06-01T00:21:57.232003Z","last_seen":"2026-06-01T01:10:01.847087Z","times_seen":2,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/(landing)/page-cf1007999f8b07f0.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/app/(landing)/page-cf1007999f8b07f0.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KP3A1C7O%2Bui1RkkPVM5TpqgF9jxWoZeWlnv3uiXACGuanomGUrWiZKQVfHJg8qcH3bRRiifj0fIKzYjbKk8%2F1tfUUM%2FzasLVSV0rYBYkCNF9jILfG3PkVq%2F7hfJrwQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acda1568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15208,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15208), with no line terminators","md5":"48ec96abed84d1a1e0909289298bc198","sha1":"fd92b05ea9219b290f05bea0269e3634b3d94d16","sha256":"e42150fa3fff976c803e5c48671e5c22ca37d7a02dbe723bc59b0e1c531c2e21","sha512":"e3a686177e8f6c1fe0cf844ab671318c3ed3a2b52030fe46a15eaaf9e4c7ac4b934f12f6bf71c1b815295e46a9be8cb04518539ac915757990bc6aeee59a6f67","ssdeep":"384:+Saddq55XGydqhFoSObqu7zYOJV56GchG:+Sqk5WWWoSObqQJV56hG","tlshash":"aa62a741e254daacf45394adc32e903d326f2599d65e8570f8fd9c3461094c8fb2bb9c","first_seen":"2026-04-14T16:12:13.069164Z","last_seen":"2026-06-03T09:52:47.510011Z","times_seen":934,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/mix/landing_zeus.jpg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_zeus.jpg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 201878\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=euYRepr91nmxYVn2iSw03uqTJjMNCY1WFfQ%2Bg5h3nu%2Bdr98SUp%2FNCKf2RnTA0VIBtu6EapR0zqPXENJqcTqjMRCL%2BQvwr1fjKTxpnLsSgWuNjthpEuDuZV1P%2FizETA%3D%3D\"}]}\r\ncf-ray: a04a55502fbf568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196608,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2368x1028, components 3","md5":"977e0125ab8a86932ef4c6c493aaa202","sha1":"af6ff4f6fb2d3cbd6f386144d3c4bc6ddd98d56d","sha256":"a9b1f69977ee1af7573a27a6c6fa7dbee4a59c951ec2a2a44e0610345cce3610","sha512":"594a80311a85fd6d47ee8e2b6c97a189534a10392913beeda1e569838f281db01d188e1cdb5e9d40f1e778810072c22e436ffc625d162273b71d920144b097c0","ssdeep":"3072:PpZCDctONi+s/9M9EpUdbnP7uAj0Mc85RjRdr/qHrDIDzye:L64I99P5InGjRdr/qHrMDWe","tlshash":"0914a0038c1c8b97e52993e4bd530eac2f592b6ce98139ff05231dcb7e645265dae01e","first_seen":"2026-02-20T17:18:12.410941Z","last_seen":"2026-06-01T01:10:01.848795Z","times_seen":3,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":108,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/es.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/es.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Uqnwh2X5w48NLR78kPmueIJEluskvWxJSFZYH0Xq%2FqfnaX5mgOXHfIG0QfiIE6mvdVvbqNbSkaIYruQR7zMSoPgOcGDBGIZBwFqliS%2FutGXCWTmHhSQFWLUSbERMeA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa1d568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":629,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"a8224968196d0dd6d84e44c98093c280","sha1":"882b8a579de32e24e13e999b411abd814071cc2a","sha256":"f8cf69e4d0d285ff8e9be18f239b65e38fe1a235086a8daae53b1baa1e7a3557","sha512":"096da45f1e9c9fd020364a51f387110fe6b08969d607a52acd6acf7f01215e15ebb88c93484b7aef1392143f744ca491f8862151d5c4850ec8f7b9d4d419e870","ssdeep":"","tlshash":"bcf049c5743db18388098b742d6e70e6408e721b554814dd70079b28a3aa3df7ac2f6c","first_seen":"2023-04-17T16:03:39Z","last_seen":"2026-06-03T17:25:55.606759Z","times_seen":6134,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/36860-0a9464d566324679.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/36860-0a9464d566324679.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1bQCq3ozaJOdDutGB%2Fk48HM8sJfNJkAwOJ0wqdmIvn4cz3wgiz3CePanOT55bgP4Ny0%2FzU4e1YyoyFWYJGmbT40YrUKj%2FPVigoA3bBbb76opT7U0VU%2BrQ8p7cU4THQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd9c568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19669,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19669), with no line terminators","md5":"ebed528d50f9e0657df76bf19dbe2ebf","sha1":"a745c8cac0f897a2e288bc643ba629bb89df2609","sha256":"f4ff2580f3ef611ca05990dcb937f89c700e24833b675e4039f569f79cc4da76","sha512":"8d0b8b70fcb7c71739ed7ed80ac98ec09aeaa478324288358e4c3f9622198dff8ed0d43a17e35e02c00537fe4d11c8d68a1fc9a60548aece0b1489ef3d3da6fd","ssdeep":"384:5mkM82Xy7PBRB7/z06STNN8txdOTTpPNUp0icpUAHEvDBUgf99Kxe2/KtyTnVfdA:UkU2fzuT778bwq5mL7TY","tlshash":"8092492b68365877a6d7bc748cae504c596fd24ba329089e773cef7404871ac394b3c9","first_seen":"2026-02-06T03:10:14.100987Z","last_seen":"2026-06-03T09:52:47.539769Z","times_seen":10635,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/mix/landing_girl.jpg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_girl.jpg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T19:55:50.407409Z","times_seen":16088471,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/31684-5738d0dfaad74be8.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/31684-5738d0dfaad74be8.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=00iNJM1dlL3ge3ts%2Bu6YZ9xiOVcpVs8xnA6czaTXnf7q1k0xoa%2FauaJ8unH2mEh8ifs4nrojJzDxfr%2BksbBQlEJhoCD8bPxcDAZ0oMPqd3ulgOk2fRgbWG8dh1%2FI7g%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd80568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":176077,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"338198f53e9ab0bb77a7fc2f057a8540","sha1":"78e8deb3e3e2703d617dfbcbfca2e893eb3cee92","sha256":"d3844f2db215d099728ef83a3b5cb3cb82279b669b231f54d2cdbbd958949f1d","sha512":"62ba9ce051e6974c6c74745a4ce6b49badc145041893b048ef42f09f979d0e579928ff78b7aa8abe587c73799a890c26703566918003494a9d1a3062ac019889","ssdeep":"1536:3Hk+1qVc+dJWgclHHlU0ob8OeM8aZLoEAEuRaQ3aTcXH10nZ6XEL4ZXEoFUOnN/e:VqW+dJW9QAMiEuV36XZmUON/e","tlshash":"8b04b8b676d0f89107a780d5843b400af3395c3b146f74a0a3e6cce975645dea1b3faa","first_seen":"2025-12-07T14:40:32.389468Z","last_seen":"2026-06-03T09:52:47.531468Z","times_seen":13565,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/landing_block1.webp","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/landing_block1.webp HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/_next/static/css/40fa6be3dd638982.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 143252\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rp14xFIlmqvUpapPZkqm6LyZfOAaKjAcyTV7A0jAy37NR96jbwq11W75KDSKcvv8%2Bh8WQPXwC7xyNrwfyxLY8XW8vyKyVxFXq%2BoIPGqCVGR%2Bcf5Y%2BpMMG3SoLRfa7Q%3D%3D\"}]}\r\ncf-ray: a04a5551b8b6568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":143252,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1692x502, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8201728c6e2cf2db0d1c3c296e9ec4f8","sha1":"1c5b38584ae934775d0ec23c9b0ebfa494bbb8e7","sha256":"308e698488e68037d3a4648279c289467061190da02ace13bddcff1f7dfb24a0","sha512":"76993a0e63c176ce55b170cfbff41c65712a660f800904f7ee54e504e66df07343bbfe33d810cefab3d7e959046e5bcc49685c1d82259c5cbe0d30902ad16923","ssdeep":"3072:jvdXxTC52KjJbmSFgMLRAQPodctih7E4opiSOVmDjXvzV:jVVC5/mAtLRoctiREXpUUDj/zV","tlshash":"3fe313be76b10ae8a8801cdf021e48b97f355f1355ee01c67b27a68f05a3519b5cdf0a","first_seen":"2026-02-06T07:23:24.023009Z","last_seen":"2026-06-03T10:26:05.750181Z","times_seen":2849,"resource_available":false,"data":null}},"time_used":778,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":611,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/kr.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/kr.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jjD%2FutQ8ePCo1d26M7L%2B%2FUeYZpk5APRXRRWXoalFFdjVJ%2FAtoINagoda9WuWc6obEykHZENQeQymoD4BBa0G%2BJ9V3Q0kd%2FWeMzJTukyBu8MFgnhwsZ6BinjoDXOAFQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa25568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1457,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"b57d2718c0f2330c0e06166d4b5fb606","sha1":"80100720aae2017e911dab7726ce4eeb73851661","sha256":"f69a22143e7948606729b9195cb0fa16993642322f9e21cd84533b28e8083ee7","sha512":"f7596cf54e8902e99fbd27113e9d718a95e60b9cf174897370b2adf3ec866686d1d177b230031c5a62d120ec03963d632aa9dd5ab739f1d02d51faaf7431295c","ssdeep":"","tlshash":"ce31dff66301841c97de05905f36b2d9d608f298d8cb84a5419dff55489ebda6b40a38","first_seen":"2023-07-15T21:19:48Z","last_seen":"2026-06-03T17:25:55.450838Z","times_seen":2239,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/muskColorDSGN/mix/preloader.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /muskColorDSGN/mix/preloader.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m3y2y9qLur1XXOKFLKLZijiIHKccUm8Onxb9oD%2B4tkxtzTWVjcyscqUtIyW%2BL5dDIkT3si51lO3Np55WOJ69UVp2CEgCEmrQSC72o1kbi6OB37UO%2Fst1W%2Fnr%2BJdYCg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d5b568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72100,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"850e1745f4385099a3518d32d9145e74","sha1":"69969125e203608b7462ed6f8eaaa2917d48ab0f","sha256":"31ccdbf4baef0e8d2e5ef2d71b200f1b8288afa891e6ea50729feecd86dcb895","sha512":"617fd124ef9ca7077d4215668197b1bd456b3f6dd2063130545d4040c4ae11c1d37a569ad757ff74ee26ccedb5db2f150439c8c515bceef6c0434c81ae46edee","ssdeep":"768:YDpuRdZRXU55SUH2v9rirdHR96Hi3WdoanhrqCLUEBHp5ZuQ+Ip1xLtaD3LxUynT:Qk9eui+hrhUEBn8WXED3Lx/T8QdxGwlH","tlshash":"a06395ed2bf018c949c8c3d7ff5944a92d2a91fba5484908f65c4fac1b85c5eec47ac2","first_seen":"2025-11-16T06:53:31.140817Z","last_seen":"2026-06-03T15:09:18.075164Z","times_seen":13776,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/30731-b4906d3166248ccd.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/30731-b4906d3166248ccd.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v7annWhzAcJ5Bu1B9yZcztBT%2BNH3gmAKZZWsQqldKkexSb16eze27CeHjX2A4YG6xCleE4Cr6ynVBbztT%2FGlzMVmgSomZ%2BuTcCdS7UHR3nKoIfcUKce6T5neavTakw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd8d568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":935432,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a278de30bdaee7c2a859ec4fe00720a5","sha1":"dfee7e7f7f6bb86b057a87c026fe85debcf3ff9e","sha256":"f1b31f7cc90eae6ec6abd1c9b5e2cab892957933851bdc043acaec409ca136d2","sha512":"77f9c98385a0189d3c4ac23bef30048bcab4c2915cda68f96181e386575b3e523fb4d6ad1d1b99f6dcc89b18122b8e0548ee2628d6f8d948571592754b9ff4e9","ssdeep":"3072:92ydhg+1uKewJ0Byiw1QRi8B6a3bmicWAM7c3jiPYFEcFBKKMhEmDhwZ8:92ydhxQRB0Dz7vMKmDmZ8","tlshash":"bd15b4985bb553fcf405f7f48a2ba4b43f6a38f67a42c4b8c3a91c15d4520ad89a5cc3","first_seen":"2025-11-16T06:53:31.123844Z","last_seen":"2026-06-03T09:52:47.535712Z","times_seen":13638,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/stat1.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat1.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0gY3quE4JSj9caRG%2BOLPBb9G%2FOIRFPWJK7i69NdEGP4k5wC7gNyJaqUrFIsDeDss1bdLNSKQG%2F4aHJDt6MSicy1Vg1eRbU0woxHDbeHL1YTC73v2PddN0EcZX1CLlA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5551c8be568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3636,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"a62014bb87def86bc408bac073b0cece","sha1":"24ce6cf0ee0ebe7956bc76e9bd16151ec3da5244","sha256":"69a3b7fd361a9307dd99ab7a8c12c3178f4ee11e5573a2c0f78fd014e04f4b64","sha512":"ee7ff1a7a9cf304d61ac90e25998182241854e3de44df25fd9541b3caddb222d206a4d3fa250e4d4d64ab42d595f79a0e24fc21ec4fb753f0b7ca2d64eb73282","ssdeep":"","tlshash":"d771e6cd2be812f0ec85b7f6df06642cb80e14b2598848b8f21d1f557b04ce98a4ac92","first_seen":"2025-09-28T21:41:24.045294Z","last_seen":"2026-06-03T10:26:05.72551Z","times_seen":5193,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/53090-a64743b05c92b22e.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/53090-a64743b05c92b22e.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Bb74O0%2Fsd5%2Bh%2F8zdt4rsmNqhB0L5mj0err%2FPpMsLr0EBBGikckZuCjdSTeItHtOLbyXGRCZ212xU23rUggRWBUvfI84BVJ111tu2dqcdmUl5VAATfAIAaAEP%2Bl893g%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd8c568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15666,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15666), with no line terminators","md5":"15925877203605d5f2355beb36d57347","sha1":"17da103edacb7e181adbf9304938d039a200c1d7","sha256":"a986f72fb7dc330235296b864ba0f244f1126b2eff777b8a13ae36875dc96157","sha512":"ad516778c2e0dcaa482b03f5ab7a44fea87ce340ae85aba921277db245d9e6c5a49f70a27eeb99b6bef662c873647590edc83e75c63116c4e456045245b91568","ssdeep":"384:hC/SLOZgztFl6pfisYkxdZEAXtwdt4DvWmV9PvTLsb6r7/:Y/SCZ4Fl6pfisYyZEhdt4yIWbU/","tlshash":"0862c6e0d362fad8ed6785d5f12ea906b11f2f988b19c074f6b85c2053181c4ba27b9d","first_seen":"2025-10-16T04:05:32.826709Z","last_seen":"2026-06-03T09:52:47.516538Z","times_seen":11948,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/dc112a36-4dd9553e3950a789.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/dc112a36-4dd9553e3950a789.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ww12uKe%2Buvj0pnS3ocv6yMDOzJ2JYkBsiDnYWRvSF6EhKRMKxVCQWSn3NYuOEE8OPSL%2FygkOcp3ue7F0AXr6iH8TiawoCbp7dmm5sc3%2F88gtMg1Gdt5W2%2BcdsVMFXg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd83568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":305838,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8b0312e3e2ff7226227ee081f6693db1","sha1":"823c7003795d9623f8992900a6f337f599bb7eda","sha256":"dccd0125f7ca7c6c5f3f8ae7d813743257cb55899fcab2d63b70fdf06b2a05e2","sha512":"612eb966b9409ee719588a9f82170d4d6c9b5c075b85981a1ac0dc0fb8119997de7f6a139ba2908d7ccfe0ab342f452e39ca15ec3d9fafdc1c2a7d36cda06d87","ssdeep":"3072:Hbyz4KjrqQmINGbpJGDc0Lf1c/X6Rpbdt0myoQj7sOU1IMi9wD5yojt:HijOQmINGbpJGDc0Lf1c/qD0erI5BEt","tlshash":"295419597254343805c540a9906f094bf736292e246ac49cb36cf4efa8bdecd31beb79","first_seen":"2025-07-19T01:07:13.417114Z","last_seen":"2026-06-03T09:52:47.532043Z","times_seen":14170,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/trumpColorDSGN/mix/preloader.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /trumpColorDSGN/mix/preloader.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B9C2iLBqbu4VfVwhzfqVCAdDeX3yfA272pl2ryTRA8vZhQDOyWaANORlZqXeJsyNMK96jmwz0sI0TuD469pqwJqxw2vhS2bI%2Fz8wUxSYtXDzWtEz5u0BPX6wbdOoHA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d5a568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":119318,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"40fbaa8ff12ac1ebf23154c29e67a191","sha1":"a0a3a6c3b2a35874dca992b65fe8651809da05a6","sha256":"234f1a89ac1c64f2b60e7b7aaf30d3ec2cd97acd3f5fc844f4f55256eccaf843","sha512":"5c97f0bcda3d832001d8b751d6140ba2835b2ad34989ee6c4e9b44211dc8dbcb099eeb28666d6555505235ea97f71d37dc7c1a19e62c3a98a0cbd64e3c698ee8","ssdeep":"1536:objgkWcss2wEHMgG7RPP1VLatHLKazXxzP4D:TCB","tlshash":"edc360fc1af062cd88c0c7d27f69d2b93c17a3b798580805e66c5f5c0b9a96da851bd3","first_seen":"2025-11-16T06:53:31.134866Z","last_seen":"2026-06-03T15:09:18.089331Z","times_seen":13775,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/stat2.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat2.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jToUE73jop0DJ9KWHCsY72whb%2BbVoQCfcCKIG1VdfDsEFFUVs%2F94pmXZ4zoxydv9ziea5v03ky%2BjIr%2BxPHMWsxl2KQHo%2B%2FsI0Fdt0vzubij5VVi9cbU1F03ZHGQIsw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5551c8cb568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4012,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"5cbab71b6d96ad7f65cb930bb401ba68","sha1":"48996ecb2d0d7d9c1ecd4ccf994b9a24dd52ec6f","sha256":"a1c783e7030d327da610a9c36e0359b2e07573771468225ac6a6cd3c2d7bf12e","sha512":"5e70c60a35359b551d6009e1f63ebef5911c29a63d89ec24225f48c7f20d33982b1f0353cade31e7f541d3df5d534984b6c69379373d086a7e1c5adf536eb780","ssdeep":"","tlshash":"3881d5d82bf585e4a2869be3df01582c3d0790fa2ec54840f39c6e682f55c7dcd128ca","first_seen":"2025-09-28T21:41:24.398473Z","last_seen":"2026-06-03T10:26:05.74391Z","times_seen":5195,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/stat3.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/stat3.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eknezdpHbiwuW0EArW5ZHIvi7YenDpu7kmQMHsngSPyeUjj%2BVTXXRfPllKJbYv97%2F6dBHiEUy4w7PFFN%2Fzf3gsm14RLHciYmrAnibMrauygbkaKA78H4JGSxgDKoDQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5551c8cc568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3827,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"1b07edac84752d7c56e382e1f7656115","sha1":"1ab72bc6895070dc7d55c8d87d4f4f907c19c019","sha256":"979df951bda3030c2abf6f6508fa7d5914c95535e4c0ed1f20a836cf2857bcbe","sha512":"97c1a7ff703378b6ae5555c686ab628ac9387b52614d1144beb72d575391ae717a0e25c981a4de8366948338760c57c8a8c19913f1d8b37661a2e96c1496af66","ssdeep":"","tlshash":"9a81b4ef5fd402b4d889d3e7ee3214993e4360fa5a8a0d04f36cae89575585cdd1a8c3","first_seen":"2025-09-28T21:41:24.193021Z","last_seen":"2026-06-03T10:26:05.752267Z","times_seen":5192,"resource_available":false,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":417,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/css/e2258fb368592977.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/css/e2258fb368592977.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zx6HR05%2FnNprxkY%2BYSERLrLgdOYoyqppy1B64OOYyVlimiLy%2BGx4yUA0Z5es1HnfOhk%2BTC4BmwMjRKhXjbw9WEVsgo1F9aY2smVyXUg%2B4jCZ1cRUQip0gy77Bh07%2BA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d62568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52955,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (52955), with no line terminators","md5":"0a733f1e802cde23ab9b88e38bf7f0da","sha1":"989f5c1da7b437333039d4e875020e01f5ac715f","sha256":"0150124be9747924c5074ac54c6488cc6e3173e7e55a67d941f19019f2145510","sha512":"00c78fd8843c11af6d4435e7752487314c50bff54edbfb926ffcaefe5831d7e8fdad79fc2bc9d886af766d43338dec9759b9a295f01a7db3e2afb38b6ea2adbd","ssdeep":"768:+zRpjcgLQocx7v9RL6V/G5c5P4NVuvSOIcqH:+7Q31N6DXaOI7H","tlshash":"21337532a224b13cf477d85275916bde3058cb13953796fae952a52dc0cb6a32b7338c","first_seen":"2026-04-27T04:02:37.687664Z","last_seen":"2026-06-03T09:52:47.535151Z","times_seen":1423,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/58172-2e2ad5efca352ade.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/58172-2e2ad5efca352ade.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=etMl8fBTpYn7JbcGploJb92YCrO9LIC6beBfXHyT2%2Bu1AVPSNmWewpDKhwFxc62v%2B5xIn9BBHsgGZkA7ZacXefGdGcg9Cmo1g3vVCGM8%2FHLYXYw12UmXZCoX3x8OuQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd95568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15156,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15156), with no line terminators","md5":"a9784916761bd2bbc76012952021d42d","sha1":"253cf85cec6b9a53b449d758e2d542a9a182bc23","sha256":"c0b7563919543117a0168d95e03a8812821df1f79a8bf094dadda24536660d92","sha512":"54d0abe66c6ec80868c406f1838ff8760bcae6758bd406c57e29d3ae842812ffb81cb315706c46e5d6a26e8bb80c7b1fc2787d02e360d635ebf22aad6c3c7431","ssdeep":"384:H74ml/FeOUGcg70p+tlof7VCEv/f2rVdVOmo778U/eWJV+o6:b4mldXUGZ0p+tl8VCEv32rVPOmg8UWWo","tlshash":"cb62a6d12b10495d3583ce7aca363929f2ef69ba393d57401168cb3cfd18ad4e6361e8","first_seen":"2025-09-13T11:18:32.621492Z","last_seen":"2026-06-03T09:52:47.53318Z","times_seen":14110,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/34230-e87c8d35c9fa1ab6.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/34230-e87c8d35c9fa1ab6.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rCbndvZAdsB2GHF4rTgElRkPBrYxU8LFVVdECTzSsDFDEDJYla4tPE%2F4FdpV06niesfZP6LIXQ%2BbFmwajKs06%2F%2FnXsEXjv5LrIEbJ6zSVJfn0PRbNSl%2F1JHiAymAeQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd96568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23047,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23047), with no line terminators","md5":"9b4900ae7910372c39f90a4ebc702603","sha1":"9a24a588c269ce9c3f57345c32fc19f6681dbc0b","sha256":"09f6962b4e78defeacf0013f19bf739d5427801904333b19f9ab4cf541db3440","sha512":"4a02c00c407ec0eee649e22031775550a2e27fd675d23235783ec11d04efda2480a219e318fbba5739af05b0bd575f5d6d94a5a5dd2db29a03b891b9ba3069d4","ssdeep":"384:05ae/t9qDM109qxJ7aPk9RqKIyoIPzM73I/AKIJ1L/7E48z/08zXvnL5/Tz7qt5V:veVwDM10wxJMKIKIy6IzIj/9KcKN/POB","tlshash":"b5a272c9a390993d2583c53fc635b426e2bf09fa753e534062a9c63df909cc4e7365a8","first_seen":"2025-10-16T04:05:32.834372Z","last_seen":"2026-06-03T09:52:47.528617Z","times_seen":14039,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/58733-c5eff74fea05461f.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/58733-c5eff74fea05461f.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PGFDzxDlWwwl6dewuXDb%2FbnnziMc8E9l2l96G0%2BqW9q%2BhRzu0YmIpTbQRrAAV2VeohFJzKoVDsWawSuw5TlU%2Fceon9zLEs%2Bdmf2mvP%2FcJgK6SAH1bHy%2FuAnmOEG4fA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd9a568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18872,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (18872), with no line terminators","md5":"608213cbae5946f55bcf6e3e236643d8","sha1":"e6181592f15a748e4b0e3a86966dc1cfb5d508e5","sha256":"dbbc5742780c4bcf13e1aa6afe878f0beb77154dda969c40b074b762a7afbbdc","sha512":"22e77044234d9e0b1b4cfa606b0cb04a83d7492edd1392a1880a984adbc4742f98397845f91d4a09f49e0ff4be85d190e7857113b818a5125c39ecd965504cc5","ssdeep":"384:7ry4eoKi6rba2BN4eofEPu2jQi/Q8nTREBJ6F5ACxKv82wfLba2B44eowGJdba22:7DHiG2Bkeu2ZQ8T6BJ6F5ENwDG2BZhJ8","tlshash":"498286e5e3ca73d0e10af7e44116943c3b6b21fe2b36cf584b9badb0a61549c654adc0","first_seen":"2025-12-05T05:01:35.743711Z","last_seen":"2026-06-03T09:52:47.529189Z","times_seen":13527,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/holiday/bottom.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/holiday/bottom.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=URCeN%2FcluZx8SOYBS2lBt92vpZL3vz8RowwKPn0qm8DmaU5WlSv%2B8hYyWwgi7pndJgYjcUQ1moe9TnLEtjT%2FPyqlTtcJm2n8YdB2KXqo6wLxTPIOZ1%2F%2FQgJYDAEoQQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a55504fcd568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1628,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"165634688949125db4ac194fe8681813","sha1":"c8d8f84854dc11683adff1b17974b18a3077173a","sha256":"865ac8ef0db76c4a0224fc4a29905e93b9e1cf278b42f7c95c8e1d82312d5e42","sha512":"9a4001c1e30d41bda349a631e7e00d8cf2528532717f23c5f19db0ac56dbd771e779ba07390b0c8fbe0beb77b3996e45b9bbef7b770850f8db207beff1888a7c","ssdeep":"","tlshash":"f2316f5c60b6ed389984c14c8d1fe0f5361f2fea07d6975620844dadfb094ff29626d1","first_seen":"2025-12-07T15:18:05.832815Z","last_seen":"2026-06-03T10:26:05.724656Z","times_seen":5516,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/92148-887f80f44d59d305.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/92148-887f80f44d59d305.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=azXkD7L%2Fe3iU%2BYresccNgelwgFDMN6kVd7ba%2BYJoML0v%2BbgDDWcb418aMxy1NxY%2FecQ1H18cZSPr818YmDAm4p6f085vlI9IVQWORYWR5lF0G%2FokrjL4DAdXOdV21Q%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd97568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18801,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (18801), with no line terminators","md5":"c6501be806cf1fdae07f7147e6e32ed9","sha1":"b46315e1e07d5c32e6f2185e25c453902013fa4c","sha256":"e897f0138e8011ec20fdf4ac0b924c9d3edcae74328a9700f502563b25897bd3","sha512":"9fb4560bfb3491d7afc719f71260e56dc3a2bf71d2c1104251901c02eaf7a2d0a9d249d90b51e3831ce7b66e7ef81603dcee6c97900ffcffc51b8e244493e1d9","ssdeep":"384:DLZQxW+19Vd6J4FU0Zs1Th/ndpRqgG4gjbI3/ovs2GK/sYp3wm7GjUWybgAKJ7r2:JQE+buJZ0y15dpRk4y+gt7/sml7GAFsg","tlshash":"b482d89da3e6a5e8f003e3f8835bd8353aa72df57912cc145beaac21d51109cb4a5cc7","first_seen":"2025-11-16T06:53:31.12293Z","last_seen":"2026-06-03T09:52:47.525188Z","times_seen":13615,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/53331-cafd9ec77f422f5b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/53331-cafd9ec77f422f5b.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nuvz2NdGKJV1mVbmgE7LVWY748TlWbQSEYRaMGg8vvJtEpiCcg8dnDKPzjWxvP7UB2FL%2FlUJT7WUlCMKzUA82WC%2F8JpCLTxvgL9G5hkczXIP4bLP1uXi696QzcPlsg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acda0568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23606,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23606), with no line terminators","md5":"ffc2a9646f640ee24bec96371d8896d5","sha1":"43fb84011d63dd3ee53c4c5a6ed7bee651bc780b","sha256":"ee75b3f83f6bb1fe59b15f18a040463973036c403110a597b3e77b659b240fc9","sha512":"19765f02ce6babd708e5a582fce2a697188168486b56c78f66d75c7ad4d29e02371f839d2b967fa8094e949f2fa6de2e478d24e24b3150f0eb404dcef6fe63f6","ssdeep":"384:/bEM6MGSQhbWOoOSQ6b82p7X4WsIBcf9CkSfA9CM3ORBq5T25iaTuJ8jFNDtv/LO:/L67hSOoe6h7X4WsIBu9CkoA9CM3OTq1","tlshash":"63b2d7e993f4b6e0a006e3f8d607a8793a6e19fd7b32c95893d95c20c5910dc266ddc3","first_seen":"2025-09-13T11:18:32.113392Z","last_seen":"2026-06-03T09:52:47.517065Z","times_seen":14098,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/73943-1d520689248da833.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/73943-1d520689248da833.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7%2F3eNA%2B0wGDZMdzlOkmq%2FhyLtQ1DeQwSOv4gd%2FfjIuei0teW6hER0soiif85QODo2zTl6kpHekUoP3cdn1JeMT1svteC3wBMdQYY6nkFMt6dhwstuPI%2F07OodVH67w%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acda3568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55294,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (55294), with no line terminators","md5":"64fdc139b6af1827fd601b07f4d24c93","sha1":"f5334e0e066e0af0988c94df23bf183f2778065e","sha256":"b361383c57269bca223d9ea22ec134e581daeac429aafdc1f552ca59ee874427","sha512":"0837b4c6708be4cb7ebc64fc988ead1ca13ab4eab7236451be56a9fb14b1de983d427230ec1a4e3bab1d95229b6ebfaf2f31ac9893d1a5553802d6e3d35741b3","ssdeep":"768:T5poCFrHcJfP4gFxZePqxkKZoesmsb4xvH+k+BtJ+cIDGQwJ9IEH6HxHRzZASR/0:TALhZLD+tPIRA","tlshash":"a34383dd4bb019cd6dc49ae9bf0600bc363e92bab069882ced4d4d3850458d9fe1bbd5","first_seen":"2026-03-28T13:42:32.426354Z","last_seen":"2026-06-03T09:52:47.517586Z","times_seen":6503,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/fonts/proxima_nova/ProximaNova-Bold.woff","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/fonts/proxima_nova/ProximaNova-Bold.woff HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/global/fonts/proxima_nova/stylesheet.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: font/woff\r\ncontent-length: 52068\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0w3eP1KelKm6Qs8O%2BDzeq3CAfLZNKw%2BJBNK6FuI9Ci1VMU0FPAEXbC%2BxXqqrYiu5iEho1V%2BjDEmIRpzUEX2VaUp7kMeoASRSfpFEsIBhJqyFNcjqH98Rars21CLzNA%3D%3D\"}]}\r\ncf-ray: a04a554c3e36568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52068,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 52068, version 2.3","md5":"e2cf3dc2f079bf3d5185a02552f153c4","sha1":"9e900ba7e0890a12a5697fc7ce86c058b145d215","sha256":"99a24fdd4e16d8dd4fdd79a5dd2dd7b71c2c68473fd6b3cb4eca4fa3f33d9ac1","sha512":"1043f0d116fcda17bd933ff2594b7c79a1fd41259f28aa8283d90e1a56eb6b8830861f109f9eeb3b81d79408e8a6a3648d973ee8a42fb5c096b0f84138392935","ssdeep":"768:gUZ1BWLCju+iIoHoWcknJh+7x77rai9YTRPxnE6eWPeLJWPznTdpjXeE8vFmdn:fX6Cjuct8QxDai9YLE6eWGYfbX98vMd","tlshash":"2433f1a524350e2797b7f4fa349d0665cfc6024db42b55faa4cbca019a5bff8b530823","first_seen":"2023-04-07T12:58:50Z","last_seen":"2026-06-03T15:09:18.088284Z","times_seen":15241,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/landing_block2_semi.webp","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/landing_block2_semi.webp HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/_next/static/css/40fa6be3dd638982.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 182372\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bb1NuApgYAuhq%2FcMXCYlGUCybaVYIrGsZCq7aJwzuiDhSgb0LE3QpQKWx52Wc8Ru8Hq%2BRiYYrb15klmyr5tRxiKzYgKdHLLjLdOmYa06uH0ZzrxsZPPH1g3NTuQ7mg%3D%3D\"}]}\r\ncf-ray: a04a5551d8d1568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":182372,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"03a41ebfc2822966ccc84b5f11fb4f37","sha1":"8a03e5c17973d563e27d03be49e710e14c70d862","sha256":"c6c3494d6e8ce461c4d7b6d1003a9f6c5131d4bfbc81150f033713cbd161c50d","sha512":"feef02093801d484436151ede3a28e4a652c7614aed8bd49972100bc8e7fe24d276415b4be84c6bed0ba871af142c1ca12d405f8a7fdb2d43f9820dbcefc3a62","ssdeep":"3072:ReuoArLIEpV1NVfhqB14todZgaqt6eOLZCfBEunnFvrQbOPPFp8+AjJZP5o3mCoA:o1A/vfh+1Tiaqt6H1KtYOPnaNg3mQ","tlshash":"5204122892bed919d2d85bebc73d50da380cdac3ece73623df162435640c9d39722666","first_seen":"2026-02-06T07:23:24.025684Z","last_seen":"2026-06-03T10:26:05.760662Z","times_seen":2852,"resource_available":false,"data":null}},"time_used":797,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":412,"receive":385,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/pt.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/pt.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FzGyzikMPijT4oPS2xenwR1A1EDchR3V%2B0OGKNhsQpq8fzeZIbXqi5txgJJMCxY96ueZMKec0xDFsEEp2x7MBcdLi1G8KBwMuyT%2Bf0IJSR7ryHyUlE%2Bjir9qmaCWfQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa22568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1445,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"6e9db125513715df3ec213f701b912d8","sha1":"f0fbb6a6e5b7a068d28792280f397a4b879deeff","sha256":"3054e3bbce0d049b0ab3d157a16b24f7a572a7a45e73d342e3b7b8d5f28f0a4b","sha512":"06c04e06e44b97fc2b4379173dcaa7003f3cc5ed58db1697e0934f96878fc16928e08eef9a0be085cafd61b545718da8e8a7d8b456b57b194a51c1e22128c775","ssdeep":"","tlshash":"4a3174c9a335b0c24a17cfa87f2ef3c2044a67f8291c9884708ba90c3955bcdbac4d00","first_seen":"2023-08-14T20:47:06Z","last_seen":"2026-06-03T17:25:55.452875Z","times_seen":5710,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/global-error-884c85b40e4582c6.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/app/global-error-884c85b40e4582c6.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j8WZSp9jcae3%2FoG9%2FqvIUhQXAKybUugcoOwqAy5Ybh%2FtBFMVn%2BqsYptk6ydQxD9u4ptmplCV1fL6AJsk51HIjS63DS0uR27AtciEQ3P4Moq8BKngV5iNLSUgMtavJQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acda5568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":257,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"f464032672c337bdea8b237c7d05b702","sha1":"1cdbf7312029374f51084e227c35c72cf4faac6f","sha256":"3ca5c4f015655b1f2e26748722813831cb576b3def592ef586a979ec3d51fcd1","sha512":"10ce4756e8a30584054c01bdd74fb68cce256d96ad3d119f06b93d62558a8c16992809d6dc324beaf792a5b78e3e237a0699fc707da94c95c8060b47b43d0c08","ssdeep":"","tlshash":"2bd02bc511817da874161a6955b4d835304550b7302ddcdee723ef2108a25a40341c0d","first_seen":"2026-04-14T16:12:13.061771Z","last_seen":"2026-06-03T09:52:47.53632Z","times_seen":6110,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/fbq.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/fbq.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5zQTC6uZyN50r3B3FXGLfQ%2BjYQci%2FZ9WpGiKz36rXTHRy%2FEZzAzh0ic%2F4CMy7xHh3eTcz6fy%2FgBd8WIBZF3WjI9v7x5TPjzJFNqM03qPUlYVBaBhFAHoW5%2B5W9NC3w%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acda7568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":408,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"0b834c87557376668b3c3fde729a8db5","sha1":"872448d973ce02e75d52b31641d961601167d04c","sha256":"cc63b490224b081fc3bef6a696dc3ecbe7ea7bd45df00c8a53cfe304e7bd5469","sha512":"1c40528c95bf8c5d60ebf3dba6df8ca43390e5239ea50ef08705e547c48635a1f399f2f9d7207b4575822d2ce3dfd6e2b7ef7ee3b431255837cf2545ea5ed4c5","ssdeep":"","tlshash":"e7e0619f2c43b42733e97639c727a67b3763070178c2d919ba05c8151fe08966c96d9f","first_seen":"2025-03-19T10:41:28.92776Z","last_seen":"2026-06-03T15:09:18.09684Z","times_seen":16144,"resource_available":true,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/holiday/hat.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/holiday/hat.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o2ijX7ElwmpWoVIW2BUZvFe4sn9jJgGQvAOtkdEQtVpCBBqoZLu%2BGbfmRrJVWS18kS5%2FKvzabjrsYASZS774b1erypAUJxjmgxIt7tKSaYNX0in8BVy5Uan9Gyikaw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a55505fd7568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2987,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"ebf4ae376fe7b0c4da02abc9a0e648cf","sha1":"74f107d8c9add6f03d767e3c60b4b10d90f9b2aa","sha256":"67cdad7bd65668f2f0f392efb2933b7ee75902995fdefba25792859e4384b566","sha512":"b3fd5d449af21db89d091f46d6399f4e446889580de88f08413222d8f2b4a66c10eb09c0c3277126884f8c86fa0ba8310edb3269b400c85ef7afeb4c22a6278e","ssdeep":"","tlshash":"4c51f0f069fc608c65460738e6be88922f2d99fbb20445497d5d2ab0d717883f98fb94","first_seen":"2025-12-07T15:18:05.826288Z","last_seen":"2026-06-03T10:26:05.772354Z","times_seen":5519,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/fonts/proxima_nova/ProximaNova-Bold.woff","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:31.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/fonts/proxima_nova/ProximaNova-Bold.woff HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/global/fonts/proxima_nova/stylesheet.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:31 GMT\r\ncontent-type: font/woff\r\ncontent-length: 52068\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2889\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8otTmh%2B4nboUePcjlZpsNpVhwwNMl3OkzeYc0YnTGgEZ56X8kG3vFcMsP%2BII9rWj%2Buk2Mz5LPvwYMgA%2BB53dGsDTw%2FyeAb7%2BeJuq9QaBiVJPkA9rAdEmx7R1QxO9YA%3D%3D\"}]}\r\ncf-ray: a04a55567b6e568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52068,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 52068, version 2.3","md5":"e2cf3dc2f079bf3d5185a02552f153c4","sha1":"9e900ba7e0890a12a5697fc7ce86c058b145d215","sha256":"99a24fdd4e16d8dd4fdd79a5dd2dd7b71c2c68473fd6b3cb4eca4fa3f33d9ac1","sha512":"1043f0d116fcda17bd933ff2594b7c79a1fd41259f28aa8283d90e1a56eb6b8830861f109f9eeb3b81d79408e8a6a3648d973ee8a42fb5c096b0f84138392935","ssdeep":"768:gUZ1BWLCju+iIoHoWcknJh+7x77rai9YTRPxnE6eWPeLJWPznTdpjXeE8vFmdn:fX6Cjuct8QxDai9YLE6eWGYfbX98vMd","tlshash":"2433f1a524350e2797b7f4fa349d0665cfc6024db42b55faa4cbca019a5bff8b530823","first_seen":"2023-04-07T12:58:50Z","last_seen":"2026-06-03T15:09:18.088284Z","times_seen":15241,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/main-app-fef4a8898ec7782a.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/main-app-fef4a8898ec7782a.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1VizeSkbNlqvxzqm12yB46nnbIMySnpIovPSGbpWELqSezClrzWSVXqFPjIQ1R7IxodYInOt9gDwUInDyLwUSP4kODaellznBeMKxTs7NN9zX%2F5Ln7SZyoQufxBoDA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd82568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":537,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (537), with no line terminators","md5":"c06acc17c28c2888a1a2466b0a0d12d8","sha1":"63d7278ad805cf6b27e6fb76daee100f7cc61afc","sha256":"90a949795e63ad10200d2f57df2706979fd66bd412caea2130a9c707e21c5d5b","sha512":"745f5cba8c1f8c006b2d9a1f8ec15fe3e66d7909766f446755243e1b63aa4d611233d9fa175bc9001bcbce4a4a782e79feb80846ba96f394b38c1ed2b1f3c2bc","ssdeep":"","tlshash":"f5f0fba55f0df42f5d266e74fd97ace2184f4275206b4e647d01dda23c67b6cd260408","first_seen":"2025-09-13T11:18:32.65005Z","last_seen":"2026-06-03T09:52:47.506571Z","times_seen":14163,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-01T01:09:28.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MhX90U9Lv04BHT8cUwiB5U6os3LX8BM5k7o%2Fa%2B87XHsB5B4AoVNMqLsrkImynHU4lkV1udut77KZVKh%2BZfs8jE4x%2FKKchuj8D7iHJrdkZFuuC6wE42ycqlmknkbsig%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: a04a55489c9f568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14979,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (14979), with no line terminators","md5":"fdecb68018c2ba7f55856fe593e3f2ad","sha1":"27eb767a8fabab7fdcde55ac56e0e1e831ebeaca","sha256":"6c8a30ab558d33b6c99957c6392fcee431f1191b8525b141ac3c24c68a3fe941","sha512":"9ffffd46350df6a9612730dcb4c032d82078813dff591a31721f437de47a568a65d821597a53e5c355b10c14751a541f08458d58f65ac363ac9a0ce143171917","ssdeep":"192:oUBYB7B1BdBmUOfMUazhnvefSpGB913MCqunUb77nznCrf38Bqb7sDoH4qNt4qN:osAlnPrOEUa5vuUb7TrCb38Eb7sZqN6u","tlshash":"aa62311bbc05ce479c76ad5d013e5e3a90cdcd7bca34c9b8929cce9d0251aba1bd9c81","first_seen":"2026-06-01T00:21:57.257448Z","last_seen":"2026-06-01T01:10:01.879852Z","times_seen":2,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":124,"dns":42,"connect":32,"send":0,"wait":104,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/css/f4c35d25ad508bbb.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/css/f4c35d25ad508bbb.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nlvi6eLMTNEyYR673h%2BzcZ8dHoAfxM5eUV0ls6jD79VW6rifI3H4r%2B78ITcFrkztgk5xl9gbv6GyGMAxZVYkWiDQCE7W%2FTFbHWgYMsZ%2FepKwFa2QjibLo7LOvYc7IQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d61568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73127,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"352610a98ba454da4328d920e76bcec3","sha1":"eff07325ca50c8adf7a4167094be9139565f95b4","sha256":"0170024a3bd7f74a5c96f95f2d75192eaf67f548551527e779304e277f08ae5d","sha512":"22112184d409dce2f89996de3bbc2820897a75474ca2d26f7ab2f2fcdf089b1e76df1a00ca2219d816cbd26f92d32c8f04882061bcab5293483def402135217e","ssdeep":"1536:k6l7m41sxUZqCVFiDsyodIidBz9XMli9PozWNw9cXMomUgefzXu7b:C","tlshash":"3b63b9715228f03cb9b7e81375c06acf7168d503b67366eae561b93e80c76933a6234d","first_seen":"2026-04-14T16:12:13.0726Z","last_seen":"2026-06-03T09:52:47.511644Z","times_seen":5769,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":75,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/css/8e81fcdcf1ec54e2.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/css/8e81fcdcf1ec54e2.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IhaGo9GwgYfmPi0i7jLXTJUknRfgHd84Fc3133vXDdQ%2FQdJNojdsPIXrBlavgi%2B5TNkQ9EibsHMLEfH4KTTzqyLyDDLWbv7WxAOwnreit5W2JeRAw6V%2FjMT1W3Xj6g%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d66568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1716,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (1716), with no line terminators","md5":"bf592a5811379ae482c9e92a45fd4f67","sha1":"9d15ea7c197354a02c444de74431faf06148ff24","sha256":"2dd1778f984a6c6bf17b110f0ddd1a8dc946ae335f4cc4b2854d31b9deef77c0","sha512":"b234e7b311bbbc4233a77a17c4c1884df087cf873e621c5a54862cba1346042f140cec5fb87b30bf95b142f322eb0cb57b080f7afba537dc22608c907797685f","ssdeep":"","tlshash":"653112538932c910bb7691453098be8b0172a4426fe225bde1c69536c4cfdd33647b8c","first_seen":"2026-02-11T03:27:01.068197Z","last_seen":"2026-06-03T09:52:47.512176Z","times_seen":7298,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/56060-72611dc1ca384f99.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/56060-72611dc1ca384f99.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6mZRDQWAQ3x4H4xopFPYwB5fBRh6iQ%2BsWqZ1mj%2BttqtjSb6ajWBLC4vOBlzeimBOjnz8%2FhFKxRRXQu0uyGAM6PKB4N0apo%2FtXq3AQlvARsI%2BJ86%2F0SFnBFGzvFyw2Q%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd89568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10031,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10031), with no line terminators","md5":"6685f1c3cdf6f0d1227ab2b5af23a056","sha1":"491d91380ba5da6dcd5027bd954e6fe11103b18b","sha256":"237ff25124f0ca73e06c9e1d59caadd016273fa9b5b6bf211c991cc8d34d1b92","sha512":"6667f2ba323afce441aa6e23fdcb8504dfeda05286da37d594827c605042ba88ddd7bc5c6ec9565109d4a0ad4ddc9f8cdde4ca22cbb9eb8122b85ba04bf1d0b2","ssdeep":"192:/ztywjuim2pZQizyySL4tLg6SpiQhQ+YmzSRAz21OfsuAAuaSXCfb+e:/z9juim2xWySL4W6STYmzSRA61gEC5","tlshash":"4622ea847260793e1547866fd1be5516f27a292e382ed25433b9c83cfd21ac85336bec","first_seen":"2025-10-16T04:05:32.850927Z","last_seen":"2026-06-03T09:52:47.532611Z","times_seen":14084,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/audio/message.mp3","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/audio/message.mp3 HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 29091\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JeMNMyESG0U8BNN%2B6xn7f2MUYCgtP1y8lI6UH1HpGe1sfZ2koA7iFwVPrK2WqI2NqoUKcVvdn38m2wTcMR4Y9Xlj1Xs3X%2B1oQilL0kC1%2Bz%2Fk0A2XSVRlQ%2FdBN4TVKQ%3D%3D\"}]}\r\ncf-ray: a04a554d6ea7568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29091,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo","md5":"a74d3b2a2dee5892841f7e37ae8343a9","sha1":"90b69421807b860b265c34a5e2f249e3fdf05ae8","sha256":"7bc02c22f6a0a75446187dbe0547a7eca86c05e3d3d369e0831dc084bb974ea3","sha512":"7186807bb91804317231d48b985557d4259820c45cc6ef48fae69cc7f50b7195b1fa9c271aac9c2104b7cd0a48a772a9223db8f0e4f53cb2302bc401246c0f9f","ssdeep":"768:OBdZJRccW5UzJDDNx5kbu61m29Ij3Va3ZH0jycOFFLQU:0JRJW8DDNOu/j3VaJwyXv","tlshash":"92d2e13b2d840d8cf1868574226fd588e0b97c9a129e5f52ed9feb494637031bb08fd6","first_seen":"2025-10-06T22:40:31.572152Z","last_seen":"2026-06-03T15:09:18.088832Z","times_seen":14008,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/51096.d5d2efd398115952.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/51096.d5d2efd398115952.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qdJo9aMkgph7UUzBA1rdX1RRPn1MyV%2FB9cyQHH3blXlIN0SEk%2FQhbBy%2FIvjMY3moaoqvhtj5RWW3bGdPnGio20femvzDndANhZf1e9AbRSg%2BIY%2FCU2kar3VpwqJ8Mg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554e8f0f568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35333,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (35288), with no line terminators","md5":"e3c132e70a3cf169a2eca9d5a55ebabe","sha1":"b4ca48271ad20555f17c11a3e9b0acd351771222","sha256":"a756eb284f53f6210c994a6890be5af55389875c0baf7789c9bc5e555bb69f5c","sha512":"e24b666010f17d7bb5c49ca0686faf3670ebb34d1139918c87b98e22274e9951a46fc21dfad095ca07f6775ef978e8640f3b16f237dd7aac4f35cec9147476a9","ssdeep":"768:bt7hsk89UGTrNgELQFENRIP4TVNUuXCEth:bt9sk89lTxTQ4IP4JauXph","tlshash":"41f2d80f460c22f13b9711423e9e1add776d65147712c87db9aa816d338c8d9a23bbec","first_seen":"2026-03-07T05:32:19.757389Z","last_seen":"2026-06-03T09:52:47.540891Z","times_seen":7179,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/holiday/hat.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/holiday/hat.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T19:55:50.407409Z","times_seen":16088471,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/webpack-61b4895fb3a2406b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/webpack-61b4895fb3a2406b.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=npp%2BGQMYZWOmoTUF66z9N2fKLrMQuHWHhrz9GtHT3qsdlPKPq3tLCWWwdfJFjxTRhOzt9I%2FjRtNrp8Qu2p9FxCpGplM4aSmPDViPgHye8QXtBT8DS9dax7wmeDv%2FQg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d68568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26740,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (26740), with no line terminators","md5":"2107026434b2239725ce96e2ac18d34a","sha1":"b83fc577ef8cdfbf23010ac0236f5693ced39c27","sha256":"3850530ebddc63ccc8da193345379891146bd39418c19bc77f146175f14378db","sha512":"f36d0c5df43394788fead75d029e8a7a37267ec5ac0ae29ca6be32496b1abd15b88dd7666eeb3cb04b69e9badbcd2bff0750bbf4fb11c2b1afb5322d82c05743","ssdeep":"768:++ybMHFdgJVhQskYzZujragyk/TlZeCPuLhO7/outNOPUhMfcJJF:0bMlarpLV0ragnZsCChODouWcMSJF","tlshash":"a2c239bdb31cecee3c3005c6ac5224f46914b1227c464cd171dae77a04b6c79a76afa6","first_seen":"2026-05-20T18:47:35.405271Z","last_seen":"2026-06-03T09:52:47.512706Z","times_seen":1000,"resource_available":true,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/layout-414e3e65ac0c109b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/app/layout-414e3e65ac0c109b.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CoIZM0ZrpE64Zhmb4ZxLMjLXkEnLiUzNqjjZe3HVrUwIcQONYdK5MrJJbVkl2jPgNahScL0dJXn75JhTISj5GhA9T8cJgaFeDPd5rE7ZOf09wHGwc9HD3d7Zx8a2Xw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd87568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10497,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10497), with no line terminators","md5":"da0436ea5a84ecfb8d9e14acee81e33f","sha1":"a25ba244b91fa5b8e9d7c53f260f2ff930c0e474","sha256":"337924b21e041c6d14c3599fa10ae6f890cdd6cf595d7466580388c946b426a9","sha512":"894cc5833f927927eb1c72f2abd7ac17666bce0915ae99448c641f1e1120ce9abeec6a78fb2a43a33e60c46ace40245ccf798bf1ba2264f078ff4799e1ece205","ssdeep":"192:lTUQUBoSCqdIpNRDvf31/wZbMdyeTJzTF5zb6:lTXUyc0NloDeTJzTTm","tlshash":"6022b611b484fcad0be3c89c9cafca08916e1b16d8a8847f9f1dd62910b295df175b1b","first_seen":"2026-06-01T00:21:57.196239Z","last_seen":"2026-06-01T01:10:01.88728Z","times_seen":2,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/twq.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/twq.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=828f3cDBlYd%2FYkeHQoHeSbGH6pa%2BxmbsR4lWrgDReyimmMXfD%2BvqicDcDzql39uzk3CBHHX0jS2ALB%2B2DMAbdnEs4t9S3aq8XEKDpkPNjQkt53P8FRGbg%2F8bNuc0pw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acda8568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":308,"size_decoded":0,"mime_type":"application/javascript","magic":"CSV ASCII text","md5":"7f4d9e824f13f7d27acdc868f36f7208","sha1":"125a712d37aefe5d3e52ce2ae8986e109eb473de","sha256":"d6768cdba372d919e6d9322bf3cf3a0dfe427d86293aaf16f23d096028a00a1a","sha512":"d6395459961f34c3efc4c55ffa6bd873fbf20cf9aab17d31ec926d7ff645cfb9ae0cfea469b98e0604c5de162b60eb1bfc7b06a6fe91e3497f3a4fb32d29c20a","ssdeep":"","tlshash":"66e0e7f12d093d631fa11374117f931f3143210575595b91d59cd540376249f8037b8c","first_seen":"2025-03-19T10:41:28.935479Z","last_seen":"2026-06-03T15:09:18.092985Z","times_seen":16138,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/api/extra/pixel","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /api/extra/pixel HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xorawin.com/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lHtiWzg4xRCHzlFvJ%2Bg8xeBbTTP5sjrjBT2uxc7Qn8tmvtwcSVX2tQzaIsq3TokwgnptiJ7ike4cgz2ReCtP4apNj9fq1YpLn8xdBfzbdH8rv7%2FLy%2BZcNOd8Odg2zQ%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: a04a554e9f17568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"428647be4acae0d85bd0799a59237001","sha1":"25b1dbe5aaaf5fe53a11fdb05fd14bcad3e92ebb","sha256":"edad519cb99926a099d84224b6b7427bbfbaa60c6ecc1673c039a0723be93006","sha512":"8ed0b8ab8b00e7883301e4dc47e6ae3c38abe1686e6de48d43983fa8105203f86c36b86cff1a09c9bdf9406ac7c4ac2f8b6a8654a42e1b5d03d843b5085428dc","ssdeep":"","tlshash":"f4a022c30a200bc2cc00000008203b22eec823238300022bc00c0200caae0fc30c333e","first_seen":"2025-06-04T11:30:16.150294Z","last_seen":"2026-06-03T10:26:05.741722Z","times_seen":12865,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/holiday/bottom.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/holiday/bottom.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s1TFPlkz1Z6MOQ5F3TGaN%2B556AAgv9Fm0abMsPJPLzPgz9yKpyjEYdUgv4yIXiFZpsCh8VP0R2%2BP5dQSc4UUB%2BctUYTGYcxqyz6afqKUH9v6JnjhQaUHw%2Fxx21rOqQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5551988c568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1628,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"165634688949125db4ac194fe8681813","sha1":"c8d8f84854dc11683adff1b17974b18a3077173a","sha256":"865ac8ef0db76c4a0224fc4a29905e93b9e1cf278b42f7c95c8e1d82312d5e42","sha512":"9a4001c1e30d41bda349a631e7e00d8cf2528532717f23c5f19db0ac56dbd771e779ba07390b0c8fbe0beb77b3996e45b9bbef7b770850f8db207beff1888a7c","ssdeep":"","tlshash":"f2316f5c60b6ed389984c14c8d1fe0f5361f2fea07d6975620844dadfb094ff29626d1","first_seen":"2025-12-07T15:18:05.832815Z","last_seen":"2026-06-03T10:26:05.724656Z","times_seen":5516,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/footer_support_girl.webp","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/footer_support_girl.webp HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/_next/static/css/e2258fb368592977.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 57850\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o%2Fn1fud7S04t8Npbm8sXECQjVIHzDo8%2BFmI%2F5B6RbWvLIUAX27f3ERowkJOazXXtwKJWTmqaFDXEsh%2F4nIPLY9%2B7dme8hpdM7bhTUgfmUXpb7G86rws3x9BzPrjSGw%3D%3D\"}]}\r\ncf-ray: a04a5551d8d4568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57850,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5faac5f71c2e22c65bc69c285c0d3696","sha1":"fca1321d83571cd8e5cc3675251b7b1494657524","sha256":"9bdf3122176092018f424668f17ff2671b31372edca458b79c74cd9d499098e3","sha512":"2313bd524395624d329705b1f80dfbad7fe65729a4b5e02a2822ed990a6f9b0d78081b08210c70666d4b6076827ddd27948179654db24209eeb65cbe2ac9a5ee","ssdeep":"1536:MO09/ae5eKf1sIYm1Utg2OTeeydxh7F+euCxPO5U:69d551srmOTOTp+b3xPIU","tlshash":"ce43013c7ae9b930cda1243a4325ddd59c20c652f80b346abf9d86907224d7c9fc39e6","first_seen":"2026-02-06T07:23:24.013748Z","last_seen":"2026-06-03T10:26:05.73111Z","times_seen":2851,"resource_available":false,"data":null}},"time_used":761,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":411,"receive":350,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/not-found-79dd159fdf7277cf.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/app/not-found-79dd159fdf7277cf.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CsQuQpivuKpkJyc3PClLkdkIElKmvfUvr7a8p2bOzTdI0RX5wh5mCReP1cb5d6DTNT8nZLmamN6XQpd7b5K%2BbujMvOqp54N89KZpFNmbApwoKFEdm9tm8Cs27KgnFw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd90568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57585,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (57585), with no line terminators","md5":"c5bf0f0d0908f5be3891ea553a11b27d","sha1":"93f92782862029bbccf0f6aac5e2ff20925045e9","sha256":"5738c21b3d05ef39da1e2263476827c3d70678a327708c1d14229d77e643f4f3","sha512":"92526e8c0552a6d54d9a85ff6c9d58c9a320ff53786f01a12f6a0ec4014b12dbbeecd70387e6530bceed4bb5a9adb5cd83a342b2bd91cc6de6bb35c5fd9a3380","ssdeep":"1536:k8cwg5kif2aMaiR6HKf0x0XEdw/BvD7/a9yOA7:mdw/R","tlshash":"7c4374ed5bb009cda88896ea7f0610bc373e41bab46d8928ed0d5d38a0418d5fe17fd5","first_seen":"2026-04-14T16:12:13.082004Z","last_seen":"2026-06-03T09:52:47.52462Z","times_seen":6112,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/gb.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/gb.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ayQ11aOAMRqmenzPQ3eK3rVpPmpd6nbLixNvz%2B8zbu2KcvQYR%2FGyr3h00WxGptAV0oZqyyrdYgCQKDqtuMq8bdrLK%2FXCzCuYvbrP6sYWwHjZr3LN9Hp5KblCO9PTfw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a55504fc9568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"99a9e5571c2f5acd9cb910ce6a3f39a6","sha1":"876935939a01dae371583220f75bef15b5185c68","sha256":"5ff2f32ed6905d887f7d771029c1e65b1ef059e92260b548908cabb4e886bf19","sha512":"14cfeeacd8e2f9b67bf2e1f5b2823a98fc60854fca5afd0b10be72ad647ffd38aa4058188451c98e2045628706f0b84dcad508fa901ce146705102fed962de1a","ssdeep":"","tlshash":"ea2163c84370b5c059a74fba9f28a2dc924925f9ddc96ecd10be0538445ff5ed01f009","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-06-03T17:25:55.55269Z","times_seen":6358,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/it.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/it.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DxJnOrOpUuwPK%2F8kHTeAUe97EjCg5FR0WqzR5IeIVaGB9rZL6fpX3YQ2rF%2B1qiD7qzC3kyh9BFGotUo7tisFb2kE6kbpESnpgccQ4S0QVK6WrDpN%2BIjh6l4%2FGHuF9g%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa21568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":270,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"4d4f20f2f1c88447480002bbf675404a","sha1":"e4a918db17e02d130c9733d7457211389b459535","sha256":"41b974254f3dd5b0853af7585c0417998a1ffa52e97e000fe2af3eee2c916d57","sha512":"04e180d7684ab9fefd920a74433c7fdea73380c5ec2588d6174ea6c14a20bdf1ebaf250158977863fd79051cc5012e5da4b9453f88998262b5cdc1672810ad79","ssdeep":"","tlshash":"e7d02b9dd07de0c448229bb03e9e31c142962327364500daf04b271861cc3ef7e41f04","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-06-03T17:25:55.604818Z","times_seen":6156,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/73345-c6c417d67f761339.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/73345-c6c417d67f761339.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GUnH1OIKLApoCULak%2B08o4IE23jozeDzg5F4PJcF2qdmWInGbey6YKayNv7Wx%2FwVRq7R6x2QabroS2sKFaLT%2FGksnfMHEwbOI1oI1v3C8K%2FL0xlmaF0gX0mJ5TAdPg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd88568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":325834,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"eb597de485c3029dc93b6f3225acc0d7","sha1":"d3a6bc9d6749ea9f0ddd1b1862c90303f3ec3254","sha256":"3513d69dd757c29044eb92ab6a908ba6755e0845c38105ab2e196b0c75b96583","sha512":"1420716788ac11ed76547147942bdf2329c1bcfe8770745c3bbce32f99ca5c5866e20253ced9e0ebc4597003f7404825de2b601f8d24b5c2fce1125eadf0ad63","ssdeep":"6144:bV5sFqdfuGDdF0pL8sS65eILs3QKQmiOB0lDz:bispi9mVB0lP","tlshash":"ef644a9c7682b474939b016a807f0107f37e2d57240e4824f270d9ee7975e99a2b7fb8","first_seen":"2025-10-16T04:05:32.880573Z","last_seen":"2026-06-03T09:52:47.528048Z","times_seen":14077,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/preloader.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/preloader.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/_next/static/css/d4dbba7cd4889f6e.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WDuChNmZZ4aNlOhFkfDTAtnwEHQzIaDAOPoGgpWFqzqzJgMgwudU%2B%2B%2BJ2Bs3cZ7bYirjLZYTyNc4YUyz5JB%2Fv7%2F5GHZ2l%2F5%2BAhOWJrhYbcFNqUZ%2BrbW6XdEuL5lX1g%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554c3e35568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1652,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"d4cf0d8e07d5ff0a22dde176b5e6926c","sha1":"bb3f41bbc80202459f3bd9a27054f855523f8ea7","sha256":"caa934ceb360955e8ef4eae0984d9ee475137fa2eee2b013586e25461bc1703d","sha512":"03fa93b18e1610abefaaeee02782234d164bd6de0d27aff61c5aa02e260d50e0b69233306e46bcabac18c6de2ce085a5859bd4ee71c2480acb0e4a719a3c5123","ssdeep":"","tlshash":"703122c04abc425cf604a6a9cf122875be1a64ce578564baf3ce9d06935805b8e0299b","first_seen":"2025-09-13T11:18:32.012309Z","last_seen":"2026-06-03T15:09:18.083559Z","times_seen":12120,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/bg/free_reward.webp","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/bg/free_reward.webp HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/_next/static/css/f4c35d25ad508bbb.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9602\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5X15lxmEurQYXiUpWj6Vq6iJfFPKA7GHn18Zz%2BQS9KID9Efreq80LghjfyPqXtyTXjduuvNOGWa%2FR5WgDzwd7kzFTFDssl3D3FI2cMHbZN4%2FI3hBsn5MByp4uqJftw%3D%3D\"}]}\r\ncf-ray: a04a5551b8b1568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9602,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 390x108, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9ff1da902b946265f24272fc301815b3","sha1":"395daddb9c99b6f15b2651985a115e6395128db6","sha256":"67f87d0d17d6c7549cb8dfca755651258f123d24bd28e67bf90a6d1777831edc","sha512":"3e60ab0677a151c7eee4111c0269503dad38b9e36e9a7d52e540968d642612aeecaab21091a3c3795943bfcd701b51efc87ffd283a8273a4159484de4a362e29","ssdeep":"192:AXpAE6uvkjO9qzNScQt9EXi9N6y7D+AKbr2i5+q1Hj70rl7zkmt:AXX6s/9qzNIjr7cbiIRjorhJ","tlshash":"35129e54b67eeac19fa7c5ef26f093931236a77d11b1e8c3087d1ca64464930f384a1e","first_seen":"2025-09-28T21:41:24.335314Z","last_seen":"2026-06-03T10:26:05.767872Z","times_seen":3971,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":169,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/in.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/in.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K%2Bt2PqSq1i1wUiLwrUj8fRLxwDvW0ogU5miBCZxR0XhwKz9lpi0FGt5wgHBLTBTudRL8%2BHxNhOlw0Zti98J0VNx6Aeqfi7Ljg22uPm%2FSeSi9dZJWLlhZu8ZoWTXMLQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa23568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2301,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"f0c892dde95804d59b20416b8db9fcbe","sha1":"41f09b07a8c26144aff93575ba4a07a0122bdae6","sha256":"aa82222076d0dd86dc6f37947faf10333212886549a33c4fcf6b44141b702018","sha512":"8eadf55e31f49edebffdb864eeec76900caf6f5163d2e3cf1988757271bb7c5e2c26c3986b4fe5b2f8953e733ea0c4bf4fb3cce0ec4d1010e20f5125abde3ac7","ssdeep":"","tlshash":"2e4165a9717df8cd9b01c6fda63bb9f1b00f50496b12d3a9b55b0f0a481a4fbb0056e0","first_seen":"2023-06-13T16:46:48Z","last_seen":"2026-06-03T17:25:55.597578Z","times_seen":5768,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/jp.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/jp.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ArKR3VYysjR603WTZixs4soZL%2F3RWnWwNg6s2txa96GKgPMAwecmR9QQ9fC1vla9LJ5gs7LG%2Fho9%2FpxSigEdONHb9mUKJ%2FdiFGhjVFUGDUtkcH%2B87Ig799xNRYnESA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa24568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":234,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"3a58d8e5d92ed893921b644bebb7cc3e","sha1":"66489712a0cfaa93876ebc7168a32c729fcec066","sha256":"b964f3dd88f2596555a34c7ca3dc575aa061fa455256f0bcbfffaa62ee771c7b","sha512":"b88069e21cfaf5612503a845e79d159b57a71dabf3ce4b25e917dd3348f6371dbcd18469f426b8f9e4c19adcfe5f1b3c33547f8df1144f397fe0b325283ae406","ssdeep":"","tlshash":"a4d0a7a4d169d9c64810cda83eaa32c1554e53373645226bf0477b18e4cd6ef3245b78","first_seen":"2023-04-13T03:03:27Z","last_seen":"2026-06-03T18:49:33.24065Z","times_seen":2406,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/app/(auth)/layout-2f72bfb00bd0ee9b.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4xWrmVvrc0D5zzbqzK5uakr%2F1x0WMItTF%2FIsPjnUs9NE%2FT7yMlOSsViUpYDtY0JpKPXXCBLjsDpNubnQYc1X95U6nn6L0vcWGIXeAIhpumQyIBo88T7TE2ZWLu%2B9ug%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd92568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5634,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5634), with no line terminators","md5":"eeb148fc570d2378a9f4fb4cef9277e8","sha1":"f15bcc479e6192f1c27e2c50e9957c34d69e1dc6","sha256":"28e0352c26286fc5b9430539a76f6e36d0f8ade3679fef2b830ed3805fb8b690","sha512":"0d5e4e9dc24973836af109e4586ee36dfa759ed54863e94049c0c21323043a57cc61354a7d5016b098e269eaabf1fe4be8e76ac9b487c6fe54177f0e396d92c5","ssdeep":"96:XZ8Q2TeV9GCuyzz3qZqCLXx29Hn5G9UV3aQ+7XCrUBTCUBTVy19GCOsY89GC4b6:p8Q2TeCtiz3Xqx29o92d+7XCrUIUvV3g","tlshash":"70c1a5b7b6c5fdb2565688d088378207ba503d37205fb480a7facce53169dca44d1f8a","first_seen":"2025-09-26T22:32:24.049018Z","last_seen":"2026-06-03T09:52:47.521249Z","times_seen":14117,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/css/40fa6be3dd638982.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/css/40fa6be3dd638982.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9KQNqDMngVGG3Cv8mrPB%2BkwpnZQFxWdHFAc8ou%2FL6UnaIau%2Fk1SQ%2BUW6jcW8z19hLLCUhGu5rRBg0UU3QGhrKb8bUbiCGNkWhLKXKMNmVtCT8I%2BM1CcJZ1sZ6MkaqQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d5f568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57622,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (57622), with no line terminators","md5":"0da964d0208f4802dd75644ac31b3026","sha1":"46d965b868151e52dfd2c53fc058140f0c4f5771","sha256":"2ce3c0cef307ddf6cca8b78cdbf7125028712c4d49a2446a7d1a5d1ac3b07cb8","sha512":"f459456f52bb937bb702a0b0d5e70489e9e152286df15432809881e84e3822419b0d2c36ca05ce759c151719d419abbb0d53d45c8d2b289b81f1b8378de5d9b4","ssdeep":"768:9FVoU9aT1kzyfVrIP//+dEt+PG+dpjnit5gaR:9zr9u1kzyfV8n/+dEt+G+Znu","tlshash":"6743633b4030653c7adbb934bb9ca5893166c4c2b73256edf65abd2ac1c31a73953384","first_seen":"2026-05-20T18:47:35.415639Z","last_seen":"2026-06-03T09:52:47.5309Z","times_seen":967,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/63712-08d55a4030f898f7.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/63712-08d55a4030f898f7.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uQAgMVtX3Pj9v4vaqtqqwfgbvs%2FEbDmmvuePSs4DFIibPfzYyiQFI3i02eGpbbI%2Br9azarHgV5R819fPm0uixkaZBKfmYvykdWtEdSi8Hbz8RJsVCSoQurvcjrJuIg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd84568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22721,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (22721), with no line terminators","md5":"614fe7514839a09db165d48ad01da840","sha1":"e492263f454db98a8cc2c89c777e5572e854e343","sha256":"4974bda3ce7194ae592697daaccd424e6e8e231bf15187182bf4d16522e9bffb","sha512":"7eee15e6bce48c5b1adfc53ecfd7492109fa6272d866622f055b91ccc80e8bb4e9fdc350413cf4282d6b85b13fa72188cc51445cf6eafb6167d149ad45af1b8d","ssdeep":"384:RSHQzwzI46bFWDyhQ1qqo5W6m4WIQgn1fy4GaQANJVOPe4+snOcT34McbAmrh/2:/dZsunDqNs/AFD","tlshash":"1aa2b449b9d1f47453a3aa51843f440bf2674ea8a05db8d8d367c9e5adb888e4073f3c","first_seen":"2025-09-13T11:18:32.286663Z","last_seen":"2026-06-03T09:52:47.539203Z","times_seen":14113,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/44638-22642ed4434648b0.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/44638-22642ed4434648b0.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=StP4dTqYrVLT4Lbg6E0DC9E9WGCs1NxYTZl3KQPwDF1ylsGxCTOgD660X%2FwlsveEkuYTj2c%2BuE87zmSb6h1%2FzZ4FfIkW63%2F7K4qOZFslYycEhRAUtey0VIhgyw4rlQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd85568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9855,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9855), with no line terminators","md5":"3d0cfae03cd8f321178546f3d44bdf0b","sha1":"d952755162717e7ffadd30a573f4691a19b643c4","sha256":"a80e2f887fe98f5dd1f607d951147f5de620031519c6419ed1fb86e7b6621686","sha512":"56bf305f3b03e0fe79351d4cbfe166bc57557cdd91f72f22b3e967109e1a6f898528a59e5277c857fb69b465ddefaad1e500469821adc64dd225d1ada5986532","ssdeep":"192:e2weKRHbhH/3MO/Y0HURLDJYvYgcn/rNfI21OYR5ZAGPnSwpgy4jdzhJvkC05:/wd/MRLDJGAnjNfF1NVSJZ9y","tlshash":"00123c90b150797613678a62e1ff0706b33b845a5c1f84acb5b488456771e8e01fff9e","first_seen":"2026-03-07T05:32:19.773264Z","last_seen":"2026-06-03T09:52:47.524056Z","times_seen":7232,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/67369-222f9a02bd61134d.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/67369-222f9a02bd61134d.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RoSo74HF1UtAolAw9eFd%2FaaSDiYHLPwuMEWOUMzOPHD6fZ7hf5TlrAZg8Pn5pp4TOaRbaHWKXhRjb3O%2B1DC8xXlP9%2FAS%2F0QeaJm2VFdmpatbabIAq9HV8fI4p%2B2KNw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd9d568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4883419,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65520), with no line terminators","md5":"c5ee70ca6b0f10be9205923be6019f4d","sha1":"8970f24fdc7a50c908abdf7fd011fe84ab06cf14","sha256":"54353302f4543dabf5579fe09b7789fd62384f6046fa2f39ee36ea54834c3fe8","sha512":"a46dbf384ba5ddd94c97b78e4e38d5c4a84e1444f7c19563e019ceb26ec121ac60d5d5019ae772e37483461f955e7952ddd84d1951c94882156a08c13615e0e6","ssdeep":"12288:z3PyxSJSN87vIomx0wgH+vVUqmAStvp1H/llr9dhLR5EdNbE3aYAILQDEmAx//pY:sNgvIh/V4y","tlshash":"c8250f5ccb9201bdae58adc1ca4770254fe282531fd789ed96bb7e214bb0adf4301e61","first_seen":"2025-12-13T06:46:52.564072Z","last_seen":"2026-06-03T09:52:47.525757Z","times_seen":13438,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/fonts/proxima_nova/stylesheet.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/fonts/proxima_nova/stylesheet.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/_next/static/css/d4dbba7cd4889f6e.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nIkTh2k4QFQb0IEL1BPixu1ezApuj32MTnjPZMJclpe8aDl3fUC9L3wR09KUioK1PVYu5q6VB8oomSvW3yrzZU8YkHzPWDgveY9UsS6y9J%2FLL2uT96YyykD0ZfMuJg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554b4dd7568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16511,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"d8931974e63a4dc65335827a00484a23","sha1":"3295703d542b291d258e703d3fb273aa4e71472c","sha256":"5748d69fa891b81b4890fc30b6c589852acd016cc7f8726e4ef93a497f0ee30c","sha512":"a5a858b0359a3571aa1337351eebcbed993af02fc1e9f54d7d87ce39e675d455c46fe9ef7291fbbb80d29d79dc71bf2404e40a902f5ee26fc0187e92b6625cbe","ssdeep":"192:xz6b6dlmqgqYGVNCGAcCh2H5vwCGmhRgSem0pBjqkCY9WTpnOPx/OSW9r0tZxjyL:paG7KUC4ZYCrz2muZHCfWctAH/uNB22","tlshash":"36723942cccdbc624aa6148077fe6ff60b4e28559079ad57ff3c38389d115adc68472a","first_seen":"2026-03-07T05:32:19.76436Z","last_seen":"2026-06-03T15:09:18.072704Z","times_seen":7355,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/favicons/greenColorDSGN.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/favicons/greenColorDSGN.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O2DVSBbLpJAmv8FoTSToERuIz6GZMdScGKu5%2FjOvrRu%2BQbWPgqQu0Cd4QL1Kic3qpDy6bwrCiD0dfilALFpEO3Nl1G50G21KhVdpBxibFu3TZRk5H0ZkrQJAlAuf4w%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554cde73568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1468,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"50679c0c5e3ed56d05c1d0ed312419a7","sha1":"f9ea27ac71a78da2d61e14b84ea77ce447920d9d","sha256":"c164e1ea36438d14fea9b88996d154275a4c92fd80bfa082c7e00a343f241147","sha512":"163d4097d60ecdcf58cd01ea828e74491b0e27fcf3d40a2e7c56e6c90042d6d9a9b6cb18825052caf8799836ad35a44c1c88ffd2c35ce5d888d23716c27dd0f4","ssdeep":"","tlshash":"a4312e9e77fea185f448e7f8023999b932d36cd33a04d8282bc00c02e98091e9c9588b","first_seen":"2025-09-26T11:40:39.971586Z","last_seen":"2026-06-03T15:09:18.096318Z","times_seen":12127,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/mix/landing_zeus.jpg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_zeus.jpg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 201878\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yAinIMk6u1iCiU479t1dd5gwfZxIyV07V3d6VXoCpmHSjY0esHcrJfDpV%2B5ssckW%2B4nxE5ipA32WQ8j1wZK3AWMDEpsqR%2BIznxuDUmTdWevFVHMW6y0XytqtQIkt7A%3D%3D\"}]}\r\ncf-ray: a04a55512837568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":201878,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2368x1028, components 3","md5":"28ddcc23e4d8be01380e65e823904d84","sha1":"fe6cf680ed934ce00bbff66393dd076b15184486","sha256":"ce31ce6181ee64d6d05347285c6b04765859159285cfd706b617e02ab2851839","sha512":"375fd38d2afd987610235da2f48799220b401b999f012bef5d83e079e3f6142bc425d5d78991f35c8df66c88999adbb165399bd5887da34d9e2c9c495d7d327d","ssdeep":"3072:PpZCDctONi+s/9M9EpUdbnP7uAj0Mc85RjRdr/qHrDIDzyiN:L64I99P5InGjRdr/qHrMDWq","tlshash":"001490038c1c8b97e52993e4bd530dac2f592b5ce9813aff05231ecb7e645265dae01e","first_seen":"2026-02-06T07:23:23.986859Z","last_seen":"2026-06-03T10:26:05.765514Z","times_seen":2865,"resource_available":true,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":222,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/fr.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/fr.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KvUFg5DpYDI2wMr4lCtNH7ASEZWTatiWA38hHemtNRZTFbJllBODx5%2FpY%2Fonhiq4EAbbdOAw6TebMY03HlifeNaHs4bRWwDV%2FszgavbIcPqUbZEZNY%2B6zNknMwdwHQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa20568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":270,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"c1a36c711f0ae0ab46c7dce06f63a723","sha1":"5cff6743ac6eed2912288bacd35c363a2d586d18","sha256":"861059eae96aea4c38466209edfad68fbd84ada37bae4ccac92d03011046a524","sha512":"e8d4869bd8d77613770a36de15c23dfade7a3bf3a465c4a6c79be55d9d6660874b5cbb60e631f04964840d3b4d736ceb25f31b30779e8d5ec64023f8e855cdeb","ssdeep":"","tlshash":"f0d02b9dd07de0c448138b703fde31c1418a6326364600dab047272861cc3ef7e40f04","first_seen":"2023-04-07T23:46:38Z","last_seen":"2026-06-03T17:25:55.408532Z","times_seen":6145,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/cn.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/cn.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zN5POu2pHxTSRzZrlvriKexEzjbevR5Nj7%2B0amwrX4%2FDmxzDYLtceCoIqLAaBVtW6MLB9VAuRqqXS3e8CCj1gdRJcF53nA9TlEQs%2FIv5x%2FMNgSzujUk2G3191rhGeA%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa27568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":696,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"d39728b84718665ada444d92579fadae","sha1":"11fb0d75502abe17cc325fc4c77fe0d3f507236d","sha256":"4db67ee7fc03992f7c0d6cc737441c67aac931442267bf896cd78d4c3e97ddcd","sha512":"3e0d290cd9f2b52709fe020527c4888c2a14d0f617de2ac2e4410526838f7b46df1e78cd9d15f6558cae357d8da73cba72efa824b1063dfa36e876d0661c0b88","ssdeep":"","tlshash":"1b01c09dc135e2c845ccc9987f4535ea141ab27a40b134c164c7ba58600bcfcf649a2c","first_seen":"2023-05-17T19:49:17Z","last_seen":"2026-06-03T18:49:33.272362Z","times_seen":2346,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/53069-bc2f18ad589424b8.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/53069-bc2f18ad589424b8.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ai0hZYxkqjlE612rOZhJBpux7f43HzbNpIaDXtQDLc4p34LaWn91NQIpwUVmMlFWzeMRD2yittuGbxaVJ7rydyJqHHyEvP30crGOs%2Fnolr6WA0uiBKDkGMWqmEMbcQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd9e568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (44317), with no line terminators","md5":"107cb75a0c53987a209e2e7a8951b55a","sha1":"e8f418769d1d1f2858e2962b291b49ef960e6026","sha256":"34a6db6410f88a7b41716feb828d1982400a702e115250fdb6cbd3a5a618390d","sha512":"325008b525fb11dd0404a45ff42c54c4fce64f5abbc62231131f00fe7053ee9b626f32a7c63b1cfcd26b04ae6b65a99e93b0df665d9a992664c4766827b580a8","ssdeep":"768:9VFYbMnfiNkuGxL2umLBbPEOSQ7Lhkd+0xiFxVuxMgCIw/A33SUYq31kBVVLLEhx:TniNkDe52eh/oVkZL9DxFW0MSdUTB","tlshash":"42131a88633593e8f1c065f8d217649cfeae6aa4e741c470d3b16d11a0c78dc7a66ec7","first_seen":"2026-02-17T15:04:52.286204Z","last_seen":"2026-06-03T09:52:47.50722Z","times_seen":1902,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/57796.e45f39755a070442.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/57796.e45f39755a070442.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZrHutYdrsd2o3CP%2B53c%2FfT0y5MtYjV5VJM4b3WlT%2FQSEVWLgnE0x57aJcEt1EmTYr8KEYTX3bSKVjRazd4sw%2BvNPgBh9FkU%2Bl%2FoylgoqSxf2NFax06ZGAfQ0HEprKQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554e8f11568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32589,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32519), with no line terminators","md5":"c24306889c066a0c6e45e5a719c217c8","sha1":"fcd9fec48774760225baf46e9b68349387190355","sha256":"54e16bb637371774001af0da9b7ef97c3ea54ed0a6d11d16a0fda0dea88b2cc1","sha512":"9447144ce13d74d63f080b3c10dafc8c0b37511d48498169ee13ab0f8bb21994e2f347f8d4deb66e92f9c409a1adfaec9636ab2a652de003415a7d10651ad7b3","ssdeep":"384:kuqCrrJ7sA6MdMuADbY/7lpbCWU4/RZRY+BJDnYDE0ycob034x3SUQXuzeAL6HxW:7F7sA6WXAInWg5rYMlYzyq4tYdlyBp","tlshash":"a7e2d70f430423b12b9212053f9e18dd772e916573128d5ab9ba916c334e9dab23bbd9","first_seen":"2026-03-07T05:32:19.77685Z","last_seen":"2026-06-03T09:52:47.521773Z","times_seen":7176,"resource_available":true,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":112,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/api/extra/promoIp","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /api/extra/promoIp HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xorawin.com/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 16\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K4%2FVIebzdqNc%2Bx1CZo82WhHO3dWqCwbDVBDvHnwkEvJYjXIyMZElX9BLktDENfOPR7ERlCL8W0hQi9lGT26W56Gb6WADxsFtqz87xrAIHv2%2F79akT8CngXllLEHRbw%3D%3D\"}]}\r\ncf-ray: a04a554e9f18568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7363e85fe9edee6f053a4b319588c086","sha1":"a15e2127145548437173fc17f3e980e3f3dee2d0","sha256":"c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97","sha512":"a2fd24056e3ec2f1628f89eb2f1b36a9fc2437ae58d34190630fe065df2bbedaf9bd8aee5f8949a002070052ca68cc6c0167214dd55df289783cff682b808d85","ssdeep":"","tlshash":"f0600003000000a2c000220002382e202080002280000008800c20088a20000208300a","first_seen":"2023-04-05T04:17:27Z","last_seen":"2026-06-03T19:56:04.558811Z","times_seen":151247,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/holiday/top.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/holiday/top.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dsPWdFGqHD1WaKjko7ooEnTUgFonsTp0gQA9Ifh91Ng1IkxWro0ZBz9yq9Um8HBF9O2cNBEcQXxBh1V9s91J1WGJR8mKKtU2U5Adw5B07A3VhCeU7ryCGl%2Bs8aymZg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a55505fd8568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109971,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"765e4b902462e81209a68203122c5462","sha1":"c8a22e10bde49777ae443e9f3a3b6bf474659b68","sha256":"0d81c69880f645eaa8ad5bc7f874fe5c302d163c6ddf8e2b2e5633c222949f88","sha512":"d34eb7f720beacdf9d545cc1219a56e2a26b05477d98d9ed188c116bc9319de2f49db046893a0ad1680ae6a9c81bf69190f5de47bc94fef0b5f99049f36a65df","ssdeep":"1536:TVcmxdYMDacj729Kbg1AsjwaT2ROc8n6GheoROmsrLc8h7CJaEukrWE/A:x/FDa42Kg17nZtgER+","tlshash":"47b3f9fd6b6185e0eecf8af1dd3649907f1b34fe2b52525482a4ee607833e58894cd90","first_seen":"2025-12-07T15:18:05.795582Z","last_seen":"2026-06-03T10:26:05.755188Z","times_seen":5514,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/greenColorDSGN/mix/landing_girl.jpg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /greenColorDSGN/mix/landing_girl.jpg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 78517\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\naccept-ranges: bytes\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LHOafv54vpW94DHlgKag4jhsV7BguHAneltf9y5O0APYnxvKZo31InPgPnvvKaAFlRLMbkcWQqKk1BqPuUhYr30XeBZ7g2rX%2Fgr526rv6Ut6Jy5HlZjKOK0ZKPQqug%3D%3D\"}]}\r\ncf-ray: a04a55505fd9568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78517,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1184x514, components 3","md5":"8d25c1c54ad4e4fda7a046718150d345","sha1":"040d0a141110b4931b44882a4a7f684c1d88ccc8","sha256":"396fd7d00555a14daf95d589cb71ca04832cb73a1f4d7526dfe1230cf289d24a","sha512":"55594743a12b9482a937157f0e70d6b72938d8ef197ba4592fb0be93af2aeb2c637a17bbf74a269a3074cf9dc5a95ffb86ba0b5580b0a7fbd353eb863369e0d8","ssdeep":"1536:5UoMN6p0PBEXSUrkj4srs72ZEsEsKuU/jfT7OxIlp:TMNw05cSUrUrAjvu2jQSp","tlshash":"2c730247ee4840f69c1d4cb47c961c6e7f602aad2d725a0d3b124ec52bc3b8aec7e456","first_seen":"2026-02-06T07:23:23.951452Z","last_seen":"2026-06-03T10:26:05.733214Z","times_seen":2861,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/de.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/de.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uy2x0nESje1ohI%2F4%2BgtD9SD1rLnMM5VUPlhcti%2FM4QmcpfeM%2BbgrIQw%2BAbAgagmuYZzH9mbQ%2BN6AdtcEMWjS1KphWJxEXB8%2FRVx8dJk1iLyA6B0mpGkzMhH2n7g%2BEQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:22 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5553fa1f568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":271,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"939afd91bea7074f84f4a328ca095295","sha1":"1a8edb7520cb812fd35996134ae823fe8ade03d9","sha256":"8e3c8f938c6fc4fc97c81f398a71d0d789b44b6be458469d7056372a2c05837a","sha512":"a3922e78b9ac5209cabea2c0945d474d24035a4e78297b3105779cea945b931ae83a59ffbf73e2877f2da42e0ff7fb5f23c297c1d7f7d09da3644ed63d82ef6c","ssdeep":"","tlshash":"c7d02bd8506ae8c04d16c7603e6c32c1288a6259238800dff0835338a6cb7ceb745f50","first_seen":"2023-07-03T07:07:12Z","last_seen":"2026-06-03T17:25:55.604347Z","times_seen":6140,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/css/d5d814653c95d42c.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/css/d5d814653c95d42c.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c7qkT2EwfakvHD2KPH8J82svF9KSx5qcb93C2fYfXjApp1p61dgkTkwFp%2BNWopOOj7O9IsxJ3DoPp3A4JzFEgJEWy2Z1NjqSOX2ygjTBuxn8BX%2F5xSrvCkki03mT1w%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d64568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":930,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (930), with no line terminators","md5":"ea0252aa2ca749c4f181c8b84147d539","sha1":"2a7f176841603311eb75eb234e61b47c42636cd2","sha256":"2ec79c3b12972b35f93eb8d3985989f5bdd5a7c101887ced5946e7f352030202","sha512":"a205d9bba5cf2405f120c184552374fee680ac450d575ecaf855b22200fa06748f4d5e63ab625b528f5b7fa6ce38077d9c986dde97adb759ae7dad71663332fe","ssdeep":"","tlshash":"7f11bd9b8573e6aa782be4400947730945ae584adea606b0f003c1e548ef7ea735460c","first_seen":"2026-04-14T16:12:13.07527Z","last_seen":"2026-06-03T09:52:47.538639Z","times_seen":6101,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/82849-35d68a185f8daedd.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/82849-35d68a185f8daedd.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OSmXnRNXeg6r6HhHlcqYqgqoCOOKyY3miGcVOtlG0O5%2B%2BLPX%2BzFnoW0ZZNZVW5RlHa%2FW11GoTUijkh5IUDrm9jCFMWAQNQs62GfXfiAtcThxqZiFLxjChZ%2BDB6cGCQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd99568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":180626,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3d8603d8e0135f562bf9ab67325e9b3c","sha1":"9d631773a5b4011f66b9e5fd568e61712607b308","sha256":"d9eb7914de9899abfb7a33535e716c0fde37e67449d390778c8ddbbc4641b020","sha512":"db9398a7771fbf68e94f48c2868a1a236fe367c553e11ebe05d2552d0d2cfbe2b314d3463d7e314deec6b3fc910660aaad9604a7f9827057298c2c1c0167db9e","ssdeep":"1536:4UcXlryCtX55mQPVpmsuIurLJmvU340MLsUDG3BZN2EaZxVcGR5c7dhP3Whj21ma:3+s","tlshash":"b904d5debba0a2f4f005e7f8d7124468366b39fe6e52ca68c3a91d15e90108cdd59dc3","first_seen":"2026-04-01T07:30:57.189898Z","last_seen":"2026-06-03T09:52:47.513235Z","times_seen":7007,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/api/extra/holiday","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /api/extra/holiday HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xorawin.com/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 29\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OoNk%2BbN0wexktgIdnjd7UvEIT5PC1P9rcmsuAIOzk9NNWlLwFUEkESsUDAfDm4x9d3GyIuRHboq88LsRXKrV7rD2Tno5hUh84uMr9EFtsEPvi4%2BRbAkfIHz9IDhDIg%3D%3D\"}]}\r\ncf-ray: a04a554e7f09568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"64bd1ee4cca69558fca5317e81a2b469","sha1":"7be9c89474e4f8526395703aacc31165a48f6c7f","sha256":"5ec7611613d86543be443ebd6f2043ba9cb5379a9e39e7b37c8fa3d7e88278d5","sha512":"457194cab8d05978a245ca36617cb89d474ddeb0c1181e5d5e29f03a092c21fea68332e1e7bd23c01a2721aa304d67822888fe41d01b69f83da3eed5e149bc25","ssdeep":"","tlshash":"228000022a2008aac808228002382f0028a8222ba0002008e08ca008eaa2022308382b","first_seen":"2023-06-17T21:25:09Z","last_seen":"2026-06-03T09:52:47.544523Z","times_seen":11885,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/39801.e01872e3fd4ce998.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/39801.e01872e3fd4ce998.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5LoR0CItiAh1m55qWVimKA4gfOws70%2FMi2uzFqidkeAf5ZMDJfTuC2u0f7VjCYmwP5RoMPcejcsyljfp47BZkRi3hIwKuOVFvqpzBVmL8ejx%2B8WgFGJRiYL%2BbdJF5Q%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554e8f12568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":108727,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65270), with no line terminators","md5":"a256619c7d126c5f94a778e4cb0e1f9a","sha1":"0bcc2f275701e748cd99ee1b74e08332e54465f0","sha256":"9e264fd41ff4eee9bd187c5c900cd97ac15416526380e97e8f2815f342b62e0f","sha512":"469268ea61e3ede751a9b6b6920c9f3238622ae5f736d009f11d9b80a41b20b25e739685e1a99d4dd86e989dfa40518f440cbc86674f603317a079715f35c5bf","ssdeep":"3072:pRrcfJstYNwTXVN16F+ZbBiOiiyXnbAlHq:ostY5GVGbAQ","tlshash":"28b3f80f420813f22f921202369f69deb72f515563668d6578edd03c234e9e9a23bbdd","first_seen":"2026-05-20T18:47:35.40812Z","last_seen":"2026-06-03T09:52:47.540331Z","times_seen":959,"resource_available":true,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/api/mammoth/auth/check","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /api/mammoth/auth/check HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xorawin.com/\r\ncontent-type: application/json\r\nauthorization: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: application/json\r\ncontent-length: 38\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FtlDGMCjj%2FXoi9LvmRhrq7%2BN72kmfIb9I4RPfRcjBa5O3xZI0EEQ5b3H0ZUpImfh8JgRTY1ye%2FfZOJylNazyYXxvf0YeoeqRV3%2FDO0zCWkC%2FFLeMJHPEk9%2BeX1%2Ft4A%3D%3D\"}]}\r\ncf-ray: a04a554faf8a568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"aced0d4c1bf7b416bd8757e86c69b12e","sha1":"242609e9dc75daa64e55af8d8254cdc02722ee92","sha256":"831690950d50aa783757553ff7dce0e549b2bf0c29fcc850ee8ef7a7f6bb54fa","sha512":"8c854561d71566fbd9d1e18c91f1bd391cbedf2b2e8b52d84205d4f773f36b14bfd5d3ca2cba9f5a300b8d96b025ab3eee5d5e3a19985e78386e04584e24d0b3","ssdeep":"","tlshash":"8d80040115000173f4001144113c1d115c54533745410014fc7cd0c4c7530d53043c17","first_seen":"2025-09-13T11:18:32.558363Z","last_seen":"2026-06-03T10:26:05.730155Z","times_seen":13928,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/holiday/top.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/holiday/top.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T19:55:50.407409Z","times_seen":16088471,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/global/countries/gb.svg","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:30.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /global/countries/gb.svg HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:30 GMT\r\ncontent-type: image/svg+xml; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XB%2Fj6pBzNPi3vWVeEfMiJs8Y5m40yHg9UxEGL6koIuK%2Bio6u%2BPYt7KG%2FEClcMjh9n8DK01yJs30TriKHVJrbXjfUaqvMH%2F3uRdriaANAFw9UCd5o2zOmB%2B%2B2rfuNPQ%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a5551988a568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1183,"size_decoded":0,"mime_type":"image/svg+xml; charset=UTF-8","magic":"SVG Scalable Vector Graphics image","md5":"99a9e5571c2f5acd9cb910ce6a3f39a6","sha1":"876935939a01dae371583220f75bef15b5185c68","sha256":"5ff2f32ed6905d887f7d771029c1e65b1ef059e92260b548908cabb4e886bf19","sha512":"14cfeeacd8e2f9b67bf2e1f5b2823a98fc60854fca5afd0b10be72ad647ffd38aa4058188451c98e2045628706f0b84dcad508fa901ce146705102fed962de1a","ssdeep":"","tlshash":"ea2163c84370b5c059a74fba9f28a2dc924925f9ddc96ecd10be0538445ff5ed01f009","first_seen":"2023-05-08T16:47:32Z","last_seen":"2026-06-03T17:25:55.55269Z","times_seen":6358,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/chunks/58211-d9d578b8de9e3293.js","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/chunks/58211-d9d578b8de9e3293.js HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h%2F7Ov2VxZmVeZMU8tATIfCnxb7i7pl%2F7V34NU7Xi%2FKBUdhKZNOs9dkVVr8K9UvYl%2BqhcwyJsO0Ux%2FD4ZUozfrukYODpRxFf%2BC27QTAKR%2FPDnNsRjCZ8j6hJjdyepCg%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554acd93568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39725), with no line terminators","md5":"f7d84948f8ca0ff495e7533d0969b670","sha1":"3330c776cfbb7ea04d30b89a9686eaea35f24747","sha256":"2180eecb87df810a0f91771ce87e9c4f6e185e9011d00147eef0ca9c7ed750c1","sha512":"04a5f0711a52dd8bcfe0ea6d66662ed5e0a8610c8caffe461a8c8178f8f40e55b4c40c7ea11716a7dce1631534f5e22f9c5d86393e31835bcc686e4aa6254c85","ssdeep":"768:01KE8vZ7HInPlFvvb5AvexGRrxVP1fr4UK1fWbqYsCL1fZnK+jBV9YCO:0voWV","tlshash":"f20399866740a83d2587c16fd63a6415f3bf14ebb92f9390219aca3cf506dc0f5365e8","first_seen":"2025-10-16T04:05:32.927959Z","last_seen":"2026-06-03T09:52:47.545541Z","times_seen":14042,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xorawin.com/_next/static/css/d4dbba7cd4889f6e.css","fqdn":"xorawin.com","domain":"xorawin.com","tld":"com"},"ip":{"addr":"104.21.92.9","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xorawin.com/","date":"2026-06-01T01:09:29.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xorawin.com","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Thu, 28 May 2026 17:45:22 GMT","end":"Wed, 26 Aug 2026 17:45:21 GMT"},"fingerprint":{"sha1":"C0:9C:02:95:77:85:74:C5:3E:0D:4E:0B:A9:39:DD:CC:66:C8:C3:15","sha256":"F5:5C:FC:33:AD:57:4A:02:CD:9A:AA:DC:6B:CE:06:49:F0:7F:00:6F:DA:93:C0:FD:A6:EC:F8:7C:F2:EF:27:C5"}}},"request":{"raw":"GET /_next/static/css/d4dbba7cd4889f6e.css HTTP/1.1\r\nHost: xorawin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xorawin.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 01:09:29 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin\r\nage: 2888\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OcW2ksdPwvJWiqxnATrMyFZab2f6lVnMA%2FOQE2kljbKJeniFG38zR2Re4xKkflGtaDfg8IDQFTmDkUWrxTFFRhlWum09b4%2BQRrwTiezNecWyU6ScPsuyvXL%2Fki0oGw%3D%3D\"}]}\r\nlast-modified: Mon, 01 Jun 2026 00:21:21 GMT\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: a04a554a9d5d568d-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8912,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (8912), with no line terminators","md5":"14fa61a011b8e8cf726630cf0206fc19","sha1":"6de38f0fd7d521847061706234892f4731ef9aeb","sha256":"3d0b8817a44a043ae48fc8ad7c8ecc03ad846be0e6628db6eb09f54740df9be9","sha512":"5dfa4d762937c8bfef6d04725dd4067f9259749ac738b0844f82d8b81a2e3ba847988785a6559b5fd2671ff4fc1f9f677e69d5a5c255f047fa4c2a4016531491","ssdeep":"192:SWJhP3QmRtK1Sr1MmGs4ir/MmGhxorc6UAPHjvhGTR9:ScQmzK1Hmz4fmfe","tlshash":"e902c93fb311a072414b4f4d8993af7a996ee186d7136a6ba0d4080cf3ce5d114e5edb","first_seen":"2026-03-16T20:04:49.237974Z","last_seen":"2026-06-03T09:52:47.518113Z","times_seen":6620,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"xorawin.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"xorawin.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}