{"report_id":"4eeabc08-dfdc-48f5-979d-0eaef1864ff9","version":6,"status":"done","tags":[],"date":"2025-12-30T02:16:22Z","url":{"schema":"http","addr":"e35l6y.bigbaozifool.top/","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"172.104.149.86","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"e35l6y.bigbaozifool.top/","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"title":"bigbaozifool.top","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"e35l6y.bigbaozifool.top/","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"172.104.149.86","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-03T02:16:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"e35l6y.bigbaozifool.top","ip":{"addr":"139.162.181.76","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"domain_registered":"2024-09-10","domain_rank":0,"first_seen":"2025-12-30T02:16:22.725656Z","last_seen":"2025-12-30T02:16:22.725656Z","alert_count":16,"request_count":4,"received_data":43740,"sent_data":1921,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ep1.adtrafficquality.google","ip":{"addr":"142.250.178.98","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3093,"first_seen":"2024-07-24T04:17:49Z","last_seen":"2025-12-28T22:45:31.755921Z","alert_count":0,"request_count":1,"received_data":11383,"sent_data":547,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.google.com","ip":{"addr":"142.250.178.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2025-12-28T22:22:31.188277Z","alert_count":0,"request_count":1,"received_data":134744,"sent_data":450,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ep2.adtrafficquality.google","ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2023-11-17","domain_rank":3229,"first_seen":"2024-08-13T12:56:28Z","last_seen":"2025-12-29T00:15:51.204546Z","alert_count":0,"request_count":2,"received_data":34546,"sent_data":1004,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"e35l6y.bigbaozifool.top/_static/doais8fj34.js?nonce=3575","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"139.162.181.76","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1cceae149f74ec97cc95da4d6035db1e","sha1":"b309ab93f61d126efa47d2bba6a2db45d2beef8e","sha256":"9f7aa6c8bb78dbe852d42707df6c841ede8bd135ed3958215004505493f59756","sha512":"a34258b7eda1fa1419682fd98a40d8e2fc291d25d8f13411ce7fe731c66d49c1240168a413b09d6fbb81f87a94873d8e17cfbce528e8e8311af29d8301775cd0","ssdeep":"384:4qK6nuPD+BLPlouf8gVxV0cG80Bg5eyXOJAFN/h6lmAmAPVe4mOvmLYEq1Mw:3nuDWPyLMiNS5w","tlshash":"47f294191ab3113558b350ae6b5b72063222d0032909fe59bd5cc348afc9ebced73bd9","size":37208,"data":"","first_seen":"2025-09-30T22:13:10.604809Z","last_seen":"2026-02-06T20:09:56.257186Z","times_seen":6061,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026abpgo=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.178.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"226d8b922a47d1d01896328ac5f29080","sha1":"228b48495e20d50326164178f4e05c1df4c8e630","sha256":"f95fea007424808c54a06a6bd7a7e0297f46d00d9bdf134afa78245f7e3903fc","sha512":"da97c330d247dab15073920cde860a1491c147eb2ce02a1e917a6ffc6e7b5bbab681395d3a3e394685091a2956ca62a15b2704d32cc5a1d0caae25036c86149c","ssdeep":"1536:MzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:XuydkXiR5zzTq+bxpD3ZV4T","tlshash":"9bd33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","size":134027,"data":"","first_seen":"2025-12-11T16:42:36.25698Z","last_seen":"2026-01-07T19:22:29.46074Z","times_seen":14588,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","size":19990,"data":"","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"e35l6y.bigbaozifool.top/","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"139.162.181.76","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-30T02:16:00.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bigbaozifool.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 18:20:49 GMT","end":"Thu, 19 Mar 2026 18:20:48 GMT"},"fingerprint":{"sha1":"6D:8D:F4:ED:1B:44:4E:A8:99:03:80:99:CC:69:ED:67:9C:37:6E:32","sha256":"64:D4:BF:2D:81:0D:97:0B:DD:B5:20:F9:60:5C:CE:35:07:E7:1D:2A:37:D8:87:90:DC:AC:09:0B:F9:EA:55:C4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: e35l6y.bigbaozifool.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Tue, 30 Dec 2025 02:16:00 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4193,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"6d07fc196ffbb742d78de4ba9d55b315","sha1":"bc1150560bfdd246898099bdf7b02eb23bfe33bc","sha256":"a744791c4ca16bd14a4a42017914b6f73b8dab8f0c070e679b9fb1310729b0b2","sha512":"408ba348033e70bd2e73da5832ef2925cdb3e9cfb632e66aac01bc9a634e1f7ba0ecf09808e6f2cb25faf663cf04aed5810e36820fdb4e2598bc38c047c0ecd9","ssdeep":"96:/kZnb6EGo0QT7EAOc7uV1g/zDE14lZyxIW:/kZnb6EGo0QT7EAOcK0G43yxIW","tlshash":"7b813f1559f3101a6553e03837eaa25e1a68ea1b930fdde83ecc4240cfc57a99dd3388","first_seen":"2025-10-20T20:09:11.733555Z","last_seen":"2026-02-04T02:36:58.265943Z","times_seen":1145,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":70,"dns":13,"connect":25,"send":0,"wait":24,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"e35l6y.bigbaozifool.top/apple-touch-icon.png","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"139.162.181.76","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:00.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bigbaozifool.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 18:20:49 GMT","end":"Thu, 19 Mar 2026 18:20:48 GMT"},"fingerprint":{"sha1":"6D:8D:F4:ED:1B:44:4E:A8:99:03:80:99:CC:69:ED:67:9C:37:6E:32","sha256":"64:D4:BF:2D:81:0D:97:0B:DD:B5:20:F9:60:5C:CE:35:07:E7:1D:2A:37:D8:87:90:DC:AC:09:0B:F9:EA:55:C4"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: e35l6y.bigbaozifool.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: openresty/1.27.1.2\r\ndate: Tue, 30 Dec 2025 02:16:00 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"1620e905665c273e91a8cb2a00df1509","sha1":"e0ea169369ad349affad0f6d41987a73fea0280f","sha256":"5a41c6b1c3d5061adbd15744312c919ee4a639abc0572a2927b06838bec1a6ed","sha512":"e68b327c2831cbadcf332943242c8c800b82a888960465fbf394e2b790b71694dc99ad26dc35326e9bde0b322e1a835fff997b7656772edf4e1e261acd13cfda","ssdeep":"","tlshash":"32c02b6d2c137e0c86a330b636c37490c1878337f57e41114480805770cf1998ac33ab","first_seen":"2025-04-14T16:48:50.204909Z","last_seen":"2026-05-21T14:43:36.028414Z","times_seen":9373,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ep1.adtrafficquality.google/getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=K1+MzsnsRcOlzvbNuNSEZw==\u0026sde=1","fqdn":"ep1.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.98","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:01.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:04 GMT","end":"Wed, 25 Feb 2026 16:00:03 GMT"},"fingerprint":{"sha1":"3F:6B:79:EB:6A:36:69:37:B8:80:08:17:24:3C:C7:A5:F2:4C:1D:A6","sha256":"C1:88:6A:43:5F:52:63:57:56:27:18:5B:53:42:8D:AC:C0:80:AB:8C:59:0D:49:81:7A:83:6D:01:14:14:78:6E"}}},"request":{"raw":"GET /getconfig/sodar?sv=200\u0026tid=afs\u0026tv=1234567890\u0026st=env\u0026sjk=K1+MzsnsRcOlzvbNuNSEZw==\u0026sde=1 HTTP/1.1\r\nHost: ep1.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://e35l6y.bigbaozifool.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\ncontent-type: application/json; charset=UTF-8\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\ndate: Tue, 30 Dec 2025 02:16:01 GMT\r\nserver: cafe\r\ncontent-length: 8181\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10826,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"afafa3b9cb554a1e4146a350e38827be","sha1":"f165fd4a47b73dce7fefeeaf9dd1f04d395010ee","sha256":"1efb0f89ea3147844ba20767ce11c5f6a2bec4688324a2872e4a3e0e891d8eea","sha512":"fbc95443fed751240ce2472eba1c35ea2b28238169417993413bbbb3ffc2c112d20fefabcc7b8b4f91f5ab4f448def91cda37774a6890f097d66dedc00216dc9","ssdeep":"192:2aROyoZ4v7Uq/15u6qS4o9+rogWUiKxTT6HIfqdp5cu28mrpP1j6wguZhpc:2aRLoN2q3S4otXKxTTpfiBm9P12wguZ0","tlshash":"5822d0572d124039e4c56d46e22cd82eba2de1fdb939c3a44adcd1669d15f32e0f7208","first_seen":"2025-12-30T02:16:23.806611Z","last_seen":"2025-12-30T02:16:23.806611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":103,"dns":3,"connect":28,"send":0,"wait":54,"receive":1,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"e35l6y.bigbaozifool.top/_static/doais8fj34.js?nonce=3575","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"139.162.181.76","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:00.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bigbaozifool.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 18:20:49 GMT","end":"Thu, 19 Mar 2026 18:20:48 GMT"},"fingerprint":{"sha1":"6D:8D:F4:ED:1B:44:4E:A8:99:03:80:99:CC:69:ED:67:9C:37:6E:32","sha256":"64:D4:BF:2D:81:0D:97:0B:DD:B5:20:F9:60:5C:CE:35:07:E7:1D:2A:37:D8:87:90:DC:AC:09:0B:F9:EA:55:C4"}}},"request":{"raw":"GET /_static/doais8fj34.js?nonce=3575 HTTP/1.1\r\nHost: e35l6y.bigbaozifool.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Tue, 30 Dec 2025 02:16:00 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 30 Sep 2025 20:00:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68dc36f2-9158\"\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37208,"size_decoded":0,"mime_type":"application/javascript","magic":"C++ source, ASCII text","md5":"1cceae149f74ec97cc95da4d6035db1e","sha1":"b309ab93f61d126efa47d2bba6a2db45d2beef8e","sha256":"9f7aa6c8bb78dbe852d42707df6c841ede8bd135ed3958215004505493f59756","sha512":"a34258b7eda1fa1419682fd98a40d8e2fc291d25d8f13411ce7fe731c66d49c1240168a413b09d6fbb81f87a94873d8e17cfbce528e8e8311af29d8301775cd0","ssdeep":"384:4qK6nuPD+BLPlouf8gVxV0cG80Bg5eyXOJAFN/h6lmAmAPVe4mOvmLYEq1Mw:3nuDWPyLMiNS5w","tlshash":"47f294191ab3113558b350ae6b5b72063222d0032909fe59bd5cc348afc9ebced73bd9","first_seen":"2025-09-30T22:13:10.604809Z","last_seen":"2026-02-06T20:09:56.257186Z","times_seen":6061,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"e35l6y.bigbaozifool.top/_d","fqdn":"e35l6y.bigbaozifool.top","domain":"bigbaozifool.top","tld":"top"},"ip":{"addr":"139.162.181.76","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:00.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bigbaozifool.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 18:20:49 GMT","end":"Thu, 19 Mar 2026 18:20:48 GMT"},"fingerprint":{"sha1":"6D:8D:F4:ED:1B:44:4E:A8:99:03:80:99:CC:69:ED:67:9C:37:6E:32","sha256":"64:D4:BF:2D:81:0D:97:0B:DD:B5:20:F9:60:5C:CE:35:07:E7:1D:2A:37:D8:87:90:DC:AC:09:0B:F9:EA:55:C4"}}},"request":{"raw":"POST /_d HTTP/1.1\r\nHost: e35l6y.bigbaozifool.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nContent-Type: application/json\r\nContent-Length: 294\r\nOrigin: https://e35l6y.bigbaozifool.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":294,"data":"{\"referrer\":\"\",\"current_location\":\"https://e35l6y.bigbaozifool.top/\",\"redirect_count\":0,\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"window_info\":{\"href\":\"https://e35l6y.bigbaozifool.top/\",\"hostname\":\"e35l6y.bigbaozifool.top\",\"pathname\":\"/\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty/1.27.1.2\r\ndate: Tue, 30 Dec 2025 02:16:01 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: session_id=ddbd7c7a14e0352602f0d1d325ad8b42; Max-Age=86400; Path=/; HttpOnly; SameSite=Lax\r\nstrict-transport-security: max-age=0; includeSubDomains; preload\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":988,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ec5344addc6ec4b456812f28ce9ff3f1","sha1":"3de1ad2716245e7d88bb6b2773cfd0dd5bb425fc","sha256":"5bc8426b84cfa6e1302efd88f99653bfcaa12fb812ae3d48450fca42a272203a","sha512":"48d171345ac5f86dde2573ae94b6251633e43587dd4e071d147738370c92366d39dbb880691e4c2ffabfc8381c6fca1b8c317bc999b8b490aa8c9fc12170a5dd","ssdeep":"","tlshash":"6011ed04d434697a49e2c3ee540bfe1b09ebd611a0c95f5ddeb4c9282aee8dd134420c","first_seen":"2025-12-30T02:16:23.809132Z","last_seen":"2025-12-30T02:16:23.809132Z","times_seen":1,"resource_available":false,"data":null}},"time_used":832,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":832,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-30","alert":"Sinkholed","trigger":"e35l6y.bigbaozifool.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/adsense/domains/caf.js?abp=1\u0026abpgo=true","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.178.100","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:01.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:57:31 GMT","end":"Wed, 25 Feb 2026 15:57:30 GMT"},"fingerprint":{"sha1":"68:80:26:07:1C:4F:AC:C8:FF:32:F4:DD:86:41:D6:6E:85:27:90:D4","sha256":"6D:27:81:39:F2:6D:26:4E:B8:CE:4F:0B:02:95:B6:5D:C4:E2:58:C9:A9:A0:80:1D:02:70:91:FB:E9:98:E6:8B"}}},"request":{"raw":"GET /adsense/domains/caf.js?abp=1\u0026abpgo=true HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-type: text/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"ads-afs-ui\"\r\nreport-to: {\"group\":\"ads-afs-ui\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/ads-afs-ui\"}]}\r\ndate: Tue, 30 Dec 2025 02:16:01 GMT\r\nexpires: Tue, 30 Dec 2025 02:16:01 GMT\r\ncache-control: private, max-age=3600\r\netag: \"12987528940678181325\"\r\nx-content-type-options: nosniff\r\nlink: \u003chttps://syndicatedsearch.goog\u003e; rel=\"preconnect\"\r\ncontent-encoding: gzip\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":134027,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2840)","md5":"226d8b922a47d1d01896328ac5f29080","sha1":"228b48495e20d50326164178f4e05c1df4c8e630","sha256":"f95fea007424808c54a06a6bd7a7e0297f46d00d9bdf134afa78245f7e3903fc","sha512":"da97c330d247dab15073920cde860a1491c147eb2ce02a1e917a6ffc6e7b5bbab681395d3a3e394685091a2956ca62a15b2704d32cc5a1d0caae25036c86149c","ssdeep":"1536:MzL751Jqc2HyP0SuRPmym0pO1s8dsR5qxyzT/ghgOKWYZjAartrvpD3pduCxAXtB:XuydkXiR5zzTq+bxpD3ZV4T","tlshash":"9bd33acdb3a1342643a3a5b5607f414fb139b8a5a40c88a4f199d8e87c74dad4237fbd","first_seen":"2025-12-11T16:42:36.25698Z","last_seen":"2026-01-07T19:22:29.46074Z","times_seen":14588,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":109,"dns":1,"connect":15,"send":0,"wait":28,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2.js","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:01.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:04 GMT","end":"Wed, 25 Feb 2026 16:00:03 GMT"},"fingerprint":{"sha1":"3F:6B:79:EB:6A:36:69:37:B8:80:08:17:24:3C:C7:A5:F2:4C:1D:A6","sha256":"C1:88:6A:43:5F:52:63:57:56:27:18:5B:53:42:8D:AC:C0:80:AB:8C:59:0D:49:81:7A:83:6D:01:14:14:78:6E"}}},"request":{"raw":"GET /sodar/sodar2.js HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 7188\r\ndate: Tue, 30 Dec 2025 02:16:01 GMT\r\nexpires: Tue, 30 Dec 2025 02:16:01 GMT\r\ncache-control: private, max-age=3000\r\netag: \"1747411493688989\"\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19990,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (1398)","md5":"a8fe3ea2f81e289e6b14222e898086c5","sha1":"0e9a1227955675736e02c596906bee72bc33d7d6","sha256":"a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623","sha512":"3bd99998aa1b5d7543775769952adc52809f861ca023b6daadf6b7d23411411a6a9470d98c7b8543573e9a6047a24e14b5feaf45e14a22d98e64d0f019718670","ssdeep":"384:dxSMqC/d0d0lxDKyqdeWFy3Wxy9cT4nGllKnnk0TEYRWjfJtncu:i0qKlYyqdeWk3Z9w4G+tFWjfJtnZ","tlshash":"8892c6cab6d2f4624363b9b1a13f100ff13eaca9d84c5464a084e4e0bd759a94367f7c","first_seen":"2025-05-19T23:59:48.474751Z","last_seen":"2026-02-26T18:27:55.354921Z","times_seen":175417,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":49,"dns":1,"connect":15,"send":0,"wait":26,"receive":1,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ep2.adtrafficquality.google/sodar/sodar2/237/runner.html","fqdn":"ep2.adtrafficquality.google","domain":"adtrafficquality.google","tld":"google"},"ip":{"addr":"142.250.178.33","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://e35l6y.bigbaozifool.top/","date":"2025-12-30T02:16:01.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adtrafficquality.google","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 16:00:04 GMT","end":"Wed, 25 Feb 2026 16:00:03 GMT"},"fingerprint":{"sha1":"3F:6B:79:EB:6A:36:69:37:B8:80:08:17:24:3C:C7:A5:F2:4C:1D:A6","sha256":"C1:88:6A:43:5F:52:63:57:56:27:18:5B:53:42:8D:AC:C0:80:AB:8C:59:0D:49:81:7A:83:6D:01:14:14:78:6E"}}},"request":{"raw":"GET /sodar/sodar2/237/runner.html HTTP/1.1\r\nHost: ep2.adtrafficquality.google\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://e35l6y.bigbaozifool.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"adspam-signals-scs\"\r\nreport-to: {\"group\":\"adspam-signals-scs\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs\"}]}\r\ncontent-length: 5044\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 02:04:19 GMT\r\nexpires: Tue, 30 Dec 2025 02:54:19 GMT\r\ncache-control: public, max-age=3000\r\nage: 702\r\nlast-modified: Tue, 13 May 2025 23:17:50 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2024)","md5":"0120a1d624ff8fc3ec792d93a7133947","sha1":"1e3bd23df78ff2c60b187b40a0c6505be9ab889f","sha256":"14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966","sha512":"84286e299ebc6690ee904b5581cd6aaf6b59d06200b61156923301484d1b75fa517894167c4f4777553ba09c840a2d74a723e3ff112448f00514d910dfd172c5","ssdeep":"192:pl/6xS2OASROqI3wgh5MXDc9EAOaK3qzfaGDCiMgIcTa1mx:rz2NQJIVsTiMH3qzfcOIr1mx","tlshash":"4842a7ccbad2b0210353b4f1a13f400ff13ea8aae44c9954b181e8e17cb56a94667f7d","first_seen":"2025-05-19T23:59:48.478548Z","last_seen":"2026-02-26T18:27:55.136579Z","times_seen":169945,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}